Closed Bug 1454228 Opened 7 years ago Closed 7 years ago

PWA fails launching with "Insecure connection"

Categories

(Firefox for Android Graveyard :: Web Apps (PWAs), defect, P1)

Product:
Firefox for Android Graveyard
Component:
Web Apps (PWAs)
Platform:
All
Android
Type:
defect

Tracking

(fennec?, firefox59 unaffected, firefox60 unaffected, firefox61blocking verified)

Status:
VERIFIED FIXED
Milestone:
Firefox 61
Tracking Flags:
Tracking Status
fennec ? ---
firefox59 --- unaffected
firefox60 --- unaffected
firefox61 blocking verified

People

(Reporter: ishitatsuyuki, Assigned: droeh)

References

Details

(Keywords: regression)

Attachments

(1 file, 2 obsolete files)

Ignore first about:blank load for PWAs.
1.44 KB, patch
jchen
: review+
Details | Diff | Splinter Review
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0 Build ID: 20180323154952 Steps to reproduce: Launch a PWA from home screen. Probably first bad build number: 20180415000619 Actual results: A toast "Insecure connection" was shown. The PWA was opened in a new tab instead of being opened immersively. Expected results: It should open full screen and not as a tab.
Can you give a link to a PWA that exhibits that behaviour?
Component: General → Web Apps
Flags: needinfo?(ishitatsuyuki)
Please try https://hn.nuxtjs.org/.
Flags: needinfo?(ishitatsuyuki)
Can confirm this issue on the latest Nightly build (2018-04-16), with any PWA: twitter.com, pwa.rocks,ft.com. Devices: Huawei P9 Lite (Android 6.0) HTC 10 (Android 8.0)
Status: UNCONFIRMED → NEW
status-firefox59: --- → unaffected
status-firefox60: --- → unaffected
status-firefox61: --- → affected
Ever confirmed: true
Keywords: regression
OS: Unspecified → Android
Hardware: Unspecified → All
tracking-fennec: --- → ?
I see this with GMail too. We can't ship with this bug.
Severity: normal → blocker
tracking-firefox61: +blocking
Dale, can you please help find an owner for this?
Flags: needinfo?(dharvey)
Yup noticed it as well, seemed like an upgrade issue, However I got taken off this feature / area quite a while ago, hopefully Andreas can find someone?
Flags: needinfo?(dharvey) → needinfo?(abovens)
This is because the start_url is loaded, but then immediately thereafter, a redirect happens. That's the reason why the PWA is opened in the browser instead. The same behavior can be observed in gotransit.com Personally, I'm not sure what is best here... I do think it's a little strange to redirect immediately after launching the start_url: why not point to the right location from the manifest? That said, redirects within the same domain are fine, and perhaps the "Insecure connection" string should be more precise.
Flags: needinfo?(snorp)
Flags: needinfo?(cnevinchen)
Flags: needinfo?(abovens)
Pinging Snorp and Nevin for their take.
This behavior also shows on https://pinafore.social as well. It has a start_url of "/?pwa=true". AFAICT it does not do any kind of redirect when you load this URL.
RyanVM pointed out that I am actually the triage owner for this component, being that I dont do any other work on mobile and am not given any time to work on this, probably best if someone else is found
That's probably a mistake, Dale. Snorp or someone in his team should be able to assist, I believe.
I think Dylan is planning to look at this soon.
Flags: needinfo?(snorp)
OK, it seems like this is more serious than I thought. All types of PWAs appear to be affected by this, so this is a serious regression: any PWA that I install and launch from the home screen opens in the browser instead of in standalone mode. Stable is not affected. Susheel, can this be prioritized?
NI sdaswani: note he's on PTO atm. Snorp, will your team prioritize this and work on it? I want to make sure this isn't forgotten because it sounds like an important regression to fix. If not, please NI me again.
Flags: needinfo?(snorp)
Flags: needinfo?(sdaswani)
Priority: -- → P1
Dylan said he'd take a look.
Assignee: nobody → droeh
Flags: needinfo?(snorp)
Jim, I narrowed this down to your patches for bug 1453537, but nothing is immediately jumping out at me. Any ideas/suggestions?
Flags: needinfo?(nchen)
The prompt is displayed at [1], so seems like a good start is to debug `onSecurityChange` calls and how its behavior changed. [1] https://searchfox.org/mozilla-central/rev/11a2ae294f50049e12515b5821f5a396d951aacb/mobile/android/base/java/org/mozilla/gecko/webapps/WebAppActivity.java#117
Flags: needinfo?(nchen)
Clearing NI as it seems to be a platform issues and/or assigned, feel free to re-add me if necessary.
Flags: needinfo?(sdaswani)
It looks like the issue is the removal of browser.stop() from startup() in geckoview.js; without that we (for some reason) get a bogus initial onSecurityChange which causes us to exit the PWA.
Attachment #8971227 - Flags: review?(nchen)
Comment on attachment 8971227 [details] [diff] [review] Revert a GV change to fix PWA bustage Review of attachment 8971227 [details] [diff] [review]: ----------------------------------------------------------------- We want the initial load for consistency with e10s. We should just ignore the onSecurityChange call for the about:blank load.
Attachment #8971227 - Flags: review?(nchen) → review-
I would *really* like to kill the initial about:blank nonsense. Apparently, this is difficult. Bug 1447406 has some stuff on that.
Fair enough, let's just not fire onSecurityChange for that load.
Attachment #8971227 - Attachment is obsolete: true
Attachment #8971430 - Flags: review?(nchen)
Comment on attachment 8971430 [details] [diff] [review] Don't fire onSecurityChange for about:blank Review of attachment 8971430 [details] [diff] [review]: ----------------------------------------------------------------- ::: mobile/android/modules/geckoview/GeckoViewProgress.jsm @@ +250,5 @@ > return; > } > > + // Don't fire onSecurityChanged for about:blank loads. > + if (aRequest.QueryInterface(Ci.nsIChannel).URI.displaySpec === "about:blank") { Wouldn't this disable `onSecurityChange` for all "about:blank" loads? We only want to disable the first one, otherwise if the user explicitly loads "about:blank", they will be left with stale security information.
I suggest just putting the workaround in WebAppActivity itself.
Attachment #8971430 - Attachment is obsolete: true
Attachment #8971430 - Flags: review?(nchen)
Attachment #8971621 - Flags: review?(nchen)
Comment on attachment 8971621 [details] [diff] [review] Ignore first about:blank load for PWAs. Review of attachment 8971621 [details] [diff] [review]: ----------------------------------------------------------------- ::: mobile/android/base/java/org/mozilla/gecko/webapps/WebAppActivity.java @@ +114,5 @@ > > @Override > public void onSecurityChange(GeckoSession session, SecurityInformation security) { > + // We want to ignore the extraneous first about:blank load > + if (mIsFirstLoad) { Check that |security.origin| starts with "moz-nullprincipal:", which should be true for about:blank
Attachment #8971621 - Flags: review?(nchen) → review+
Pushed by droeh@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/9ebd471b8e07 Ignore onSecurityChange for initial about:blank load in PWAs. r=jchen
https://hg.mozilla.org/mozilla-central/rev/9ebd471b8e07
Status: NEW → RESOLVED
Closed: 7 years ago
status-firefox61: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 61
Flags: needinfo?(cnevinchen) → qe-verify+
Verified as fixed on Beta 61.0b3. Devices: Sony Xperia Z2 (Android 6.0.1) Samsung Galaxy Note 8 (Android 7.1.1)
status-firefox61: fixedverified
Flags: qe-verify+
Status: RESOLVED → VERIFIED
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: