Closed Bug 1415544 Opened 7 years ago Closed 7 years ago

Conditional tweaks to Fx 57 related content for Firefox China repack

Categories

(www.mozilla.org :: Pages & Content, enhancement)

Production
enhancement
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: hectorz, Assigned: hectorz)

References

(Blocks 1 open bug)

Details

Attachments

(3 files)

Similar to bug 1264843, Beijing office would like to make a few changes to certain Fx 57 pages when viewing them within Fx China repack. They are:

* redirect to Fx China repack's homepage @ http://home.firefoxchina.cn/ instead of about:home at the end of the firstrun animation (bug 1397532)
* link to Fx China repack's download page @ http://www.firefox.com.cn/ instead of https://www.mozilla.org/firefox/ in the last paragraph of CEO's letter on whatsnew (bug 1411076)
* not as urgent as the other two, show a QR code to Tencent app store instead of the adjust one in /firefox/mobile/ (bug 1397520)

I've created and tested the changes locally, and they're all fairly minimal. Since none of the above mentioned work is merged into master yet, should I send PRs to those PRs for review first?

We should've noticed the QR code part in whatsnew for Fx 54 but somehow missed it, we'll try to improve our monitoring of updates to in-product pages in the future.

Thanks.
Assignee: nobody → bzhao
Status: NEW → ASSIGNED
Hi Hector! Thanks for opening this bug and offering these patches.

Before reviewing/merging these changes, we'd like to get some opinions from the FF product team on the following areas:

1.) http://www.firefox.com.cn/ is served over http only.
2.) The Firefox download button on that page is also http only: http://download.firefox.com.cn/
3.) The start page (and search box) at http://start.firefoxchina.cn/ also seem to be http only.
4.) The QR code link also appears to redirect to an http URL (although it looks like an https alternative may be available when testing manually)

Points 1) and 2) seem to be the most critical, as we would be redirecting users to download Firefox over an insecure connection.
(In reply to Alex Gibson [:agibson] from comment #4)
> 1.) http://www.firefox.com.cn/ is served over http only.
> 2.) The Firefox download button on that page is also http only:
> http://download.firefox.com.cn/

I remember the insecure connection issue was brought up earlier this year in bug 1356463, we looked into our options but couldn't find any Chinese CDN providers who support SHA-1 fallback similar to that described in [1]. Since China is lagging behind on the adoption of SHA-2 aware browsers, I don't think we can just enable https for {www,download}.firefox.com.cn and ignore those affected users.

[1]: https://blog.cloudflare.com/sha-1-deprecation-no-browser-left-behind/
(In reply to Hector Zhao [:hectorz] from comment #5)
> (In reply to Alex Gibson [:agibson] from comment #4)
> > 1.) http://www.firefox.com.cn/ is served over http only.
> > 2.) The Firefox download button on that page is also http only:
> > http://download.firefox.com.cn/
>
> I remember the insecure connection issue was brought up earlier this year in
> bug 1356463, we looked into our options but couldn't find any Chinese CDN
> providers who support SHA-1 fallback similar to that described in [1]. Since
> China is lagging behind on the adoption of SHA-2 aware browsers, I don't
> think we can just enable https for {www,download}.firefox.com.cn and ignore
> those affected users.
>
> [1]: https://blog.cloudflare.com/sha-1-deprecation-no-browser-left-behind/

Just realized that for this use case only (link in WNP) maybe we can set up a separate https instance of our website w/o switching all of our traffic to https, since users visiting WNP must be using Fx. I'll ask and see how fast we can get that done.
:Canuckistani please see Comment 4.
Flags: needinfo?(jgriffiths)
:osunick can you take a look at Comment 4? We are feeling blocked unless we have a Product decision.
Flags: needinfo?(nnguyen)
It seems like there are complications around securely distributing Firefox in China - that sucks. I guess it's fine to continue serving over http to browsers that have no other option but I'd like us to try to serve downloads securely if we can, and also warn users when they're connecting from insecure browsers. I don't think this should block golive, this change is coming in very late in the process.
Flags: needinfo?(jgriffiths)
(In reply to Hector Zhao [:hectorz] from comment #6)
> Just realized that for this use case only (link in WNP) maybe we can set up a
> separate https instance of our website w/o switching all of our traffic to
> https, since users visiting WNP must be using Fx. I'll ask and see how fast
> we can get that done.

We're setting up these new urls, for use in firstrun/whatsnew only:

https://new.firefox.com.cn/
https://download-ssl.firefox.com.cn/
https://start.firefoxchina.cn/

And I'll update the PR when they're ready.
Blocks: 1415968
(In reply to Hector Zhao [:hectorz] from comment #10)
> (In reply to Hector Zhao [:hectorz] from comment #6)
> > Just realized that for this use case only (link in WNP) maybe we can set up a
> > separate https instance of our website w/o switching all of our traffic to
> > https, since users visiting WNP must be using Fx. I'll ask and see how fast
> > we can get that done.
>
> We're setting up these new urls, for use in firstrun/whatsnew only:
>
> https://new.firefox.com.cn/
> https://download-ssl.firefox.com.cn/
> https://start.firefoxchina.cn/
>
> And I'll update the PR when they're ready.

PR 5258 for whatsnew & 5259 for firstrun updated.
Commit pushed to master at https://github.com/mozilla/bedrock

https://github.com/mozilla/bedrock/commit/2db92bd677678fbb6cc7a791704bcacfd2fcc1f5
Bug 1415544 - open alternative start page in firstrun for Fx China repack.

Commit pushed to master at https://github.com/mozilla/bedrock

https://github.com/mozilla/bedrock/commit/f297e6788e2ecf61c054d37fc16115918edd6d12
Bug 1415544 - alternative firefox link in 57.0 whatsnew for Fx China repack.
(In reply to [github robot] from comment #12)
> Commit pushed to master at https://github.com/mozilla/bedrock
>
> https://github.com/mozilla/bedrock/commit/2db92bd677678fbb6cc7a791704bcacfd2fcc1f5
> Bug 1415544 - open alternative start page in firstrun for Fx China repack.

(In reply to [github robot] from comment #13)
> Commit pushed to master at https://github.com/mozilla/bedrock
>
> https://github.com/mozilla/bedrock/commit/f297e6788e2ecf61c054d37fc16115918edd6d12
> Bug 1415544 - alternative firefox link in 57.0 whatsnew for Fx China repack.

Thanks! I've verified both work as expected now.

(In reply to Alex Gibson [:agibson] from comment #4)
> 4.) The QR code link also appears to redirect to an http URL (although it
> looks like an https alternative may be available when testing manually)

About the QR code, we talked with our contact at Tencent app store, unfortunately they don't consider access over https officially supported. As I've explained in https://github.com/mozilla/bedrock/pull/5260 :

> We're using the url of Tencent app store since we believe WeChat is the QR code
> scanner of choice in China, and Tencent's own app store works best with it.
>
> I'm wondering whether you have numbers from adjust to tell whether our assumption about WeChat is true. When trying to figure out how the current QR code works, I noticed the url encoded in the QR code is also http:
>
> http://qr.w69b.com/g/sgKASu4PC => https://app.adjust.com/x8xj03 => (different app stores)
>
> Is it a small oversight or maybe there's some reason behind it?
Flags: needinfo?(nnguyen)
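
The http-only link targets listed in comment 4 and the QR redirect chain quoted above can be checked mechanically. The following is an added example, not part of the bug thread or of bedrock: it resolves recorded `Location` values into a chain and reports the first hop that is not HTTPS. The link names and the `store.example` entry are constructed; the other URLs are the ones quoted in the thread.

```python
from urllib.parse import urljoin, urlsplit

# name -> (entry URL, Location header values recorded at each redirect).
# The first three use URLs quoted in the thread; the last one is constructed.
LINKS = {
    "whatsnew-http": ("http://www.firefox.com.cn/", []),
    "whatsnew-https": ("https://new.firefox.com.cn/", []),
    "qr-adjust": ("http://qr.w69b.com/g/sgKASu4PC",
                  ["https://app.adjust.com/x8xj03"]),
    "qr-constructed": ("https://store.example/app",
                       ["//cdn.store.example/a", "http://cdn.store.example/b"]),
}


def build_chain(start, locations):
    """Resolve Location values (absolute, relative or scheme-relative) into hops."""
    chain = [start]
    for location in locations:
        # A scheme-relative Location inherits the scheme of the hop that sent it.
        chain.append(urljoin(chain[-1], location))
    return chain


def audit_chain(chain):
    """Return (verdict, index of the first non-HTTPS hop or None)."""
    bad = [i for i, url in enumerate(chain)
           if urlsplit(url).scheme.lower() != "https"]
    if not bad:
        return "secure", None
    # A cleartext first request can be tampered with before any redirect to
    # HTTPS is seen, so it is reported even when later hops are HTTPS.
    return ("cleartext-entry" if bad[0] == 0 else "downgrade"), bad[0]


def audit(links):
    """Map each link name to (verdict, first offending URL or None)."""
    report = {}
    for name, (start, locations) in links.items():
        chain = build_chain(start, locations)
        verdict, index = audit_chain(chain)
        report[name] = (verdict, chain[index] if index is not None else None)
    return report


if __name__ == "__main__":
    for name, (verdict, url) in audit(LINKS).items():
        print(f"{name:15} {verdict:16} {url or ''}")
```
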
Commit pushed to master at https://github.com/mozilla/bedrock

https://github.com/mozilla/bedrock/commit/a60d49855d4c33c55af71fae98ab0b85b113bfc0
Bug 1415544 - show QR code to alternative mobile app store for Fx China repack.
Thanks!
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED