Closed Bug 1427500 Opened 6 years ago Closed 3 years ago

Use HTTPS for autocompleted URLs where appropriate

Categories

(Firefox for Android Graveyard :: Awesomescreen, defect, P3)

Product:
Firefox for Android Graveyard
Component:
Awesomescreen
Platform:
ARM
Android
Type:
defect

Tracking

(firefox64 wontfix, firefox65 fix-optional, firefox66 affected)

Status:
RESOLVED INCOMPLETE
Tracking Flags:
Tracking Status
firefox64 --- wontfix
firefox65 --- fix-optional
firefox66 --- affected

People

(Reporter: billdillensrevenge, Unassigned)

References

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
Build ID: 20171226083017

Steps to reproduce:

using Firefox for Android 57.0.1, when I type 'g' into the URL bar and go to google.com, it does not go to the secure HTTPS version of google.com. This is an issue because Firefox for Desktop release notes for v55 says "When entering a hostname (like pinterest.com) in the URL bar, Firefox resolves to the secure version of the site (https://www.pinterest.com) instead of the insecure version (http://www.pinterest.com) when possible"

https://www.mozilla.org/en-US/firefox/55.0/releasenotes/

Firefox for Android should also do this! This issue is especially surprising and concerning because A) google search is the most popular website in the world B) google is now the default firefox search engine in many regions.
Blocks: 1427533
That release note might have been formulated a tad over-optimistic, because it only applies to domain names autocompleted from your browsing history (bug 1341350), so the HTTPS URL will only be suggested if the majority of your visits to that domain have actually been using the HTTPS [1]. Defaulting to HTTPS in any case would be bug 1158191, which is an unresolved matter for the time being even on Desktop.

Still, you're right that our autocompletion logic never loads a HTTPS URL directly unless the user manually starts out typing the protocol. Given limited development resources, mirroring Desktop's logic exactly [3] might be too much work, though, never mind any potential performance impacts [4] for doing an additional query for figuring out the appropriate prefix/protocol. A simpler solution that should be relatively doable with our current autocompletion implementation would be to simply take the protocol used by the respective browsing history search result that is powering our autocompletion in the background.

As a rough sketch of what I have in mind:
- findAutocompletion/handleAutocomplete in BrowserSearch should return the protocol of the chosen search result [5] in addition to the autocompletion string itself
- the BrowserToolbar/the ToolbarEditLayout should store that protocol in the background when displaying an autocompletion (and obviously discard it again when the visible autocompletion is discarded)
- if the autocompletion result is committed, the stored protocol should be prepended to the URL before loading it.


[1] And interestingly enough the version of the Google homepage currently [2] served to Firefox doesn't necessarily automatically redirect to HTTPS.
[2] I've seen some reports that Google has started A/B testing for finally giving mobile Firefox users the same homepage design as given to Chrome, so this might change in the near future.
[3] My very rough understanding (that might be wrong, though) is that first a domain is searched and once a domain to autocomplete has been found, all history entries for that domain are searched to decide 1.) whether to use a prefix like www. or not and 2.) which protocol to use. Plus the autocompleted result has its own "Visit ..." entry in the Awesomebar popup showing which URL exactly is going to be loaded, which mobile Firefox hasn't.
[4] Especially with profiles synced with desktop Firefoxes, our browsing history search is currently slow enough as it is (bug 1411226).
[5] Which means bug 1427533 if we want results autocompleted from our fallback topdomains list to load via HTTPS where appropriate.
Status: UNCONFIRMED → NEW
Component: General → Awesomescreen
Ever confirmed: true
OS: Unspecified → Android
Hardware: Unspecified → All
Summary: Firefox not going to secure/encrypted (HTTPS) version of websites when entered in URL bar → Use HTTPS for autocompleted URLs were appropriate
Version: 57 Branch → unspecified
Thank you! Should someone from Mozilla contact Google about this? Maybe there is something they can do on their end. Google IS Firefox's default search engine for many users and I'm sure they want these users on the HTTPS version of google.com
status-firefox64: --- → affected
status-firefox65: --- → affected
status-firefox66: --- → affected
Hardware: All → ARM
Version: unspecified → Trunk
Summary: Use HTTPS for autocompleted URLs were appropriate → Use HTTPS for autocompleted URLs where appropriate
We have completed our launch of our new Firefox on Android. The development of the new versions use GitHub for issue tracking. If the bug report still reproduces in a current version of [Firefox on Android nightly](https://play.google.com/store/apps/details?id=org.mozilla.fenix) an issue can be reported at the [Fenix GitHub project](https://github.com/mozilla-mobile/fenix/). If you want to discuss your report please use [Mozilla's chat](https://wiki.mozilla.org/Matrix#Connect_to_Matrix) server https://chat.mozilla.org and join the [#fenix](https://chat.mozilla.org/#/room/#fenix:mozilla.org) channel.
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → INCOMPLETE
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in before you can comment on or make changes to this bug.