https://affiliate.rakuten.co.jp/info/back2016.html - アフィリエイトリンクのSSL対応について Although our searchbox has rakuten affiliate. we doesn't use non-HTTPS search. But from Dec 2016, they supports HTTPS. So if possible, we should change from HTTP to HTTPS.
Summary: Use HTTPS for Rakuten serach provider if possible → Use HTTPS for Rakuten search provider if possible
Someone should contact this search provider and make sure they're OK with us switching to https. That's what we used to do in the past, not sure if the policy changed because we want most of them to be https (CCing mkaply).
> Although our searchbox has rakuten affiliate. we doesn't use non-HTTPS search. But from Dec 2016, they supports HTTPS. So if possible, we should change from HTTP to HTTPS. I just ran some tests and it's not using https for me. Going to https://search.rakuten.co.jp/ Redirects to http. Is it a different URL? This particular URL is an affilate URL and we would have to go to them and request a new URL, which is not practical at this time. So I don't think we'll be able to do this. On another note, that page seems to indicate that they are ending their affiliate program? I wonder if this affects us...
The announcement Makoto linked say: HTML tag and link target URL generated on Item/hop link generation page will be changed from "http" to "https" as following: This change is currently about tags generated on Item/hop link generation page but motion widget and other tags will be also changed step by step. href="http://hb.afl.rakuten.co.jp => a href="https://hb.afl.rakuten.co.jp img src="http://hbb.afl.rakuten.co.jp => img src="https://hbb.afl.rakuten.co.jp That is, Rakuten is now under transition to wtich HTTP to HTTPS. I guess the transition is not completed yet and main Rakuten site still use HTTP, only some of sub domains switched to use HTTPS currently. The search url of for Rakuten Affiliate for Firefox Desktop is currently http://pt.afl.rakuten.co.jp/c/013ca98b.cd7c5f0c/ HTTPS version seems to work already but this sub domain is not hb.afl.rakuten.co.jp nor hbb.afl.rakuten.co.jp mentioned in the annoucement. it's not yet sure if our affiliate can already use HTTPS or not. Anyway, I'll contact to Rakuten staff who is in charge of our search affiliate and ask her when should our search plugin can use HTTPS. (In reply to Mike Kaply [:mkaply] from comment #2) > On another note, that page seems to indicate that they are ending their > affiliate program? I wonder if this affects us... The closing announcement is about the "楽天ネットスーパー" (http://netsuper.rakuten.co.jp/) service affiliate, not about main Rakuten shopping (http://www.rakuten.co.jp/). So this will not affect us.
Update from Rakuten: (As I wrote above) They are currently underway to switch Rakuten Ichiba to full HTTPS. Their current plan is to complete it around the end of June. They request us to keep using HTTP for our query and switch to HTTPS after their transition.
I've talked more with Rakuten staffs about the search engine parameters and redirection etc. Then finally they agreed to switch our search url to HTTPS now. I'll attache the patch for this. Note from the talk with them: Current search url is: http://pt.afl.rakuten.co.jp/c/013ca98b.cd7c5f0c/?sitem=keyword&sv=2&p=0 this will be redirected to: -> http://esearch.rakuten.co.jp/r/sar.cgi/?sv=2&p=0&sitem=keyword&scid=af_pc_etc&sc2id=20752779 -> http://esearch.rakuten.co.jp/rms/sd/esearch/vc?sv=2&sitem=keyword&p=0 -> http://search.rakuten.co.jp/search/mall/keyword/?p=0 These redirections make load time longer but it's intentional and must not change the domain/url of the search. They use these redirections to track search partners. Final url (search.rakuten.co.jp) is still HTTP but will be changed soon (around the end of June, TBD) and they agreed to change our search query from HTTP to HTTPS now.
Please review the patch and check into mozilla-central
Attachment #8859936 - Flags: review?(francesco.lodolo)
Comment on attachment 8859936 [details] [diff] [review] use https for rakuten search plugin Review of attachment 8859936 [details] [diff] [review]: ----------------------------------------------------------------- I'm turning this over to Mike, since it's a partner. I have some concerns on the number of redirects they do, and also the fact that they lose https right after the first one. It also means that we're going to update this searchplugin a second time in 2 months, to fix the search URL. Does it make sense to wait until they fully switch they systems to https?
Attachment #8859936 - Flags: review?(francesco.lodolo) → review?(mozilla)
(In reply to Francesco Lodolo [:flod] from comment #7) > I have some concerns on the number of redirects they do, and also the fact > that they lose https right after the first one. It also means that we're > going to update this searchplugin a second time in 2 months, to fix the > search URL. Does it make sense to wait until they fully switch they systems > to https? Unfortunately we (or they) cannot reduce the number of redirection unless Mozilla give up the current affiliation partnership with them. I guess they cannot change their server infrastructure to reduce the redirections only for us. As for the update of the searchplugin, we need not update again when they fully switch to https. Even when they start using https for their main shopping site (www.rakuten.co.jp & search.rakuten.co.jp), search query from Firefox will not change. It should continue to be this one: https://pt.afl.rakuten.co.jp/c/013ca98b.cd7c5f0c/?sitem=keyword&sv=2&p=0
The end result between https and http seems to be the same (in terms of where you land), so it doesn't seem like we lose anything by doing this. Is that what you see flod?
(In reply to Mike Kaply [:mkaply] from comment #9) > The end result between https and http seems to be the same (in terms of > where you land), so it doesn't seem like we lose anything by doing this. > > Is that what you see flod? Yes, we end up in the same place.
Assignee: nobody → bugzilla
Pushed by firstname.lastname@example.org: https://hg.mozilla.org/integration/mozilla-inbound/rev/b55e0e4fec2d Use HTTPS for Rakuten search provider if possible. r=mkaply
You need to log in before you can comment on or make changes to this bug.