Closed Bug 1658921 Opened 4 years ago Closed 4 years ago

HTTPS-Only: Consider using a different exception page

Categories

(Core :: DOM: Security, task, P2)

Product:
Core
Component:
DOM: Security
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
83 Branch
Tracking Flags:
Tracking Status
firefox83 --- fixed

People

(Reporter: ckerschb, Assigned: julianwels)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-active])

Attachments

(1 file)

Bug 1658921 - Updated HTTPS-Only Mode error page UX.
47 bytes, text/x-phabricator-request
Details | Review

Currently, we rely on an exception page for https-only mode that is very similar to certificate errors. Maybe we should change that so people do not get numb to clicking through exceptions.

Better would be to use a page with the https-only logo on it that is specifically crafted for https-only. The text itself is fine, but the style should change.

Severity: -- → S4
Priority: -- → P2
Pushed by btara@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/b2847ee96340
Updated HTTPS-Only Mode error page UX. r=desktop-theme-reviewers,ckerschb,fluent-reviewers,ntim

Backed out for causing browser_errorpage_timeout failures

Backout link: https://hg.mozilla.org/integration/autoland/rev/9bba4662a1dd4b700bdf6c42f1f4d22b1ce127a3

Push with failures: https://treeherder.mozilla.org/#/jobs?repo=autoland&collapsedPushes=803163&resultStatus=testfailed%2Cbusted%2Cexception%2Crunnable&revision=55c26a4f6bdc5d2e5a83f8b83b897730f868cf43&selectedTaskRun=aoKoBwbURSSMw-AOnRRcPw.0

Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=318836609&repo=autoland&lineNumber=6645

INFO - TEST-START | toolkit/components/httpsonlyerror/tests/browser/browser_errorpage_timeout.js
[task 2020-10-16T13:36:34.881Z] 13:36:34 INFO - GECKO(2056) | JavaScript error: , line 0: uncaught exception: undefined
[task 2020-10-16T13:36:34.888Z] 13:36:34 INFO - TEST-INFO | started process screenshot
[task 2020-10-16T13:36:34.948Z] 13:36:34 INFO - TEST-INFO | screenshot: exit 0
[task 2020-10-16T13:36:34.949Z] 13:36:34 INFO - Buffered messages logged at 13:36:31
[task 2020-10-16T13:36:34.949Z] 13:36:34 INFO - Entering test bound
[task 2020-10-16T13:36:34.950Z] 13:36:34 INFO - Leaving test bound
[task 2020-10-16T13:36:34.950Z] 13:36:34 INFO - Entering test bound avoid_timeout_and_show_https_only_error_page
[task 2020-10-16T13:36:34.951Z] 13:36:34 INFO - Console message: [JavaScript Warning: "HTTPS-Only Mode: Upgrading insecure request “http://example.com/browser/toolkit/components/httpsonlyerror/tests/browser/file_errorpage_timeout_server.sjs” to use “https”."]
[task 2020-10-16T13:36:34.951Z] 13:36:34 INFO - Buffered messages logged at 13:36:34
[task 2020-10-16T13:36:34.951Z] 13:36:34 INFO - Console message: [JavaScript Error: "HTTPS-Only Mode: Upgrading insecure request “https://example.com/browser/toolkit/components/httpsonlyerror/tests/browser/file_errorpage_timeout_server.sjs” failed. (M6-C14)"]
[task 2020-10-16T13:36:34.951Z] 13:36:34 INFO - Buffered messages finished
[task 2020-10-16T13:36:34.951Z] 13:36:34 INFO - TEST-UNEXPECTED-FAIL | toolkit/components/httpsonlyerror/tests/browser/browser_errorpage_timeout.js | Potential time-out in https-only mode should cause error page to appear! - false == true - got false, expected true (operator ==)
[task 2020-10-16T13:36:34.951Z] 13:36:34 INFO - Stack trace:
[task 2020-10-16T13:36:34.952Z] 13:36:34 INFO - ok@resource://specialpowers/SpecialPowersSandbox.jsm:87:21
[task 2020-10-16T13:36:34.952Z] 13:36:34 INFO - @chrome://mochitests/content/browser/toolkit/components/httpsonlyerror/tests/browser/browser_errorpage_timeout.js:43:9
[task 2020-10-16T13:36:34.952Z] 13:36:34 INFO - execute@resource://specialpowers/SpecialPowersSandbox.jsm:141:12
[task 2020-10-16T13:36:34.952Z] 13:36:34 INFO - _spawnTask@resource://specialpowers/SpecialPowersChild.jsm:1617:15
[task 2020-10-16T13:36:34.952Z] 13:36:34 INFO - receiveMessage@resource://specialpowers/SpecialPowersChild.jsm:310:21
[task 2020-10-16T13:36:34.952Z] 13:36:34 INFO - Leaving test bound avoid_timeout_and_show_https_only_error_page
[task 2020-10-16T13:36:34.952Z] 13:36:34 INFO - Console message: [JavaScript Error: "uncaught exception: undefined"]
[task 2020-10-16T13:36:34.952Z] 13:36:34 INFO - GECKO(2056) | MEMORY STAT | vsize 839MB | vsizeMaxContiguous 669MB | residentFast 253MB | heapAllocated 85MB
[task 2020-10-16T13:36:34.952Z] 13:36:34 INFO - TEST-OK | toolkit/components/httpsonlyerror/tests/browser/browser_errorpage_timeout.js | took 3428ms
[task 2020-10-16T13:36:34.952Z] 13:36:34 INFO - checking window state
[task 2020-10-16T13:36:34.967Z] 13:36:34 INFO - TEST-START | toolkit/components/httpsonlyerror/tests/browser/browser_exception.js

Flags: needinfo?(julianwels)

You have updated the string about-httpsonly-button-accept-and-continue to about-httpsonly-button-continue-to-site. Now you also have to adjust that test:
https://searchfox.org/mozilla-central/source/toolkit/components/httpsonlyerror/tests/browser/browser_errorpage_timeout.js#43

Thank you, Christoph!

Flags: needinfo?(julianwels)
Pushed by btara@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/6ea501547089
Updated HTTPS-Only Mode error page UX. r=desktop-theme-reviewers,ckerschb,fluent-reviewers,ntim

https://hg.mozilla.org/mozilla-central/rev/6ea501547089

Status: ASSIGNED → RESOLVED
Closed: 4 years ago
status-firefox83: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 83 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: