HTTPS-Only: Consider using a different exception page
Categories
(Core :: DOM: Security, task, P2)
Tracking
()
Tracking | Status | |
---|---|---|
firefox83 | --- | fixed |
People
(Reporter: ckerschb, Assigned: julianwels)
References
(Blocks 1 open bug)
Details
(Whiteboard: [domsecurity-active])
Attachments
(1 file)
Currently, we rely on an exception page for https-only mode that is very similar to certificate errors. Maybe we should change that so people do not get numb to clicking through exceptions.
Better would be to use a page with the https-only logo on it that is specifically crafted for https-only. The text itself is fine, but the style should change.
Reporter | ||
Updated•4 years ago
|
Assignee | ||
Comment 1•4 years ago
|
||
Pushed by btara@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/b2847ee96340 Updated HTTPS-Only Mode error page UX. r=desktop-theme-reviewers,ckerschb,fluent-reviewers,ntim
Comment 3•4 years ago
|
||
Backed out for causing browser_errorpage_timeout failures
Backout link: https://hg.mozilla.org/integration/autoland/rev/9bba4662a1dd4b700bdf6c42f1f4d22b1ce127a3
Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=318836609&repo=autoland&lineNumber=6645
INFO - TEST-START | toolkit/components/httpsonlyerror/tests/browser/browser_errorpage_timeout.js
[task 2020-10-16T13:36:34.881Z] 13:36:34 INFO - GECKO(2056) | JavaScript error: , line 0: uncaught exception: undefined
[task 2020-10-16T13:36:34.888Z] 13:36:34 INFO - TEST-INFO | started process screenshot
[task 2020-10-16T13:36:34.948Z] 13:36:34 INFO - TEST-INFO | screenshot: exit 0
[task 2020-10-16T13:36:34.949Z] 13:36:34 INFO - Buffered messages logged at 13:36:31
[task 2020-10-16T13:36:34.949Z] 13:36:34 INFO - Entering test bound
[task 2020-10-16T13:36:34.950Z] 13:36:34 INFO - Leaving test bound
[task 2020-10-16T13:36:34.950Z] 13:36:34 INFO - Entering test bound avoid_timeout_and_show_https_only_error_page
[task 2020-10-16T13:36:34.951Z] 13:36:34 INFO - Console message: [JavaScript Warning: "HTTPS-Only Mode: Upgrading insecure request “http://example.com/browser/toolkit/components/httpsonlyerror/tests/browser/file_errorpage_timeout_server.sjs” to use “https”."]
[task 2020-10-16T13:36:34.951Z] 13:36:34 INFO - Buffered messages logged at 13:36:34
[task 2020-10-16T13:36:34.951Z] 13:36:34 INFO - Console message: [JavaScript Error: "HTTPS-Only Mode: Upgrading insecure request “https://example.com/browser/toolkit/components/httpsonlyerror/tests/browser/file_errorpage_timeout_server.sjs” failed. (M6-C14)"]
[task 2020-10-16T13:36:34.951Z] 13:36:34 INFO - Buffered messages finished
[task 2020-10-16T13:36:34.951Z] 13:36:34 INFO - TEST-UNEXPECTED-FAIL | toolkit/components/httpsonlyerror/tests/browser/browser_errorpage_timeout.js | Potential time-out in https-only mode should cause error page to appear! - false == true - got false, expected true (operator ==)
[task 2020-10-16T13:36:34.951Z] 13:36:34 INFO - Stack trace:
[task 2020-10-16T13:36:34.952Z] 13:36:34 INFO - ok@resource://specialpowers/SpecialPowersSandbox.jsm:87:21
[task 2020-10-16T13:36:34.952Z] 13:36:34 INFO - @chrome://mochitests/content/browser/toolkit/components/httpsonlyerror/tests/browser/browser_errorpage_timeout.js:43:9
[task 2020-10-16T13:36:34.952Z] 13:36:34 INFO - execute@resource://specialpowers/SpecialPowersSandbox.jsm:141:12
[task 2020-10-16T13:36:34.952Z] 13:36:34 INFO - _spawnTask@resource://specialpowers/SpecialPowersChild.jsm:1617:15
[task 2020-10-16T13:36:34.952Z] 13:36:34 INFO - receiveMessage@resource://specialpowers/SpecialPowersChild.jsm:310:21
[task 2020-10-16T13:36:34.952Z] 13:36:34 INFO - Leaving test bound avoid_timeout_and_show_https_only_error_page
[task 2020-10-16T13:36:34.952Z] 13:36:34 INFO - Console message: [JavaScript Error: "uncaught exception: undefined"]
[task 2020-10-16T13:36:34.952Z] 13:36:34 INFO - GECKO(2056) | MEMORY STAT | vsize 839MB | vsizeMaxContiguous 669MB | residentFast 253MB | heapAllocated 85MB
[task 2020-10-16T13:36:34.952Z] 13:36:34 INFO - TEST-OK | toolkit/components/httpsonlyerror/tests/browser/browser_errorpage_timeout.js | took 3428ms
[task 2020-10-16T13:36:34.952Z] 13:36:34 INFO - checking window state
[task 2020-10-16T13:36:34.967Z] 13:36:34 INFO - TEST-START | toolkit/components/httpsonlyerror/tests/browser/browser_exception.js
Reporter | ||
Comment 4•4 years ago
|
||
You have updated the string about-httpsonly-button-accept-and-continue
to about-httpsonly-button-continue-to-site
. Now you also have to adjust that test:
https://searchfox.org/mozilla-central/source/toolkit/components/httpsonlyerror/tests/browser/browser_errorpage_timeout.js#43
Pushed by btara@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/6ea501547089 Updated HTTPS-Only Mode error page UX. r=desktop-theme-reviewers,ckerschb,fluent-reviewers,ntim
Comment 7•4 years ago
|
||
bugherder |
Description
•