Closed Bug 1671846 Opened 4 years ago Closed 4 years ago

Outreachy Contribution to HTTPS-Only Mode (Imali)

Categories

(Core :: DOM: Security, task, P4)

Product:
Core
Component:
DOM: Security
Type:
task

Tracking

()

Status:
RESOLVED INACTIVE

People

(Reporter: imaliesiera, Assigned: imaliesiera, Mentored)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-active])

Attachments

(6 files)

This should be the expected website result
1.88 MB, image/png
Details
HTTPS mode enabled
303.66 KB, image/png
Details
Change URI
47 bytes, text/x-phabricator-request
Details | Review
Bug 1671846: Outreachy Contribution to HTTPS-Only (Imali)
47 bytes, text/x-phabricator-request
Details | Review
Bug 1671846: Outreachy Contribution to HTTPS-Only (Imali)
47 bytes, text/x-phabricator-request
Details | Review
Bug 1671846: Outreachy Contribution to HTTPS-Only (Imali)
47 bytes, text/x-phabricator-request
Details | Review

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.80 Safari/537.36

Steps to reproduce:

-Launch NightlyDebug
-Enable 'HTTPS-Only Mode' (HOM) in the NightlyDebug browser from preferences window.
-Enter the URL: http:s//www.ardhi.go.ke/ (in the address bar)

Actual results:

The URL ('https://www.ardhi.go.ke/') to the website does not render and loads for more than 90 seconds without the expected results. Instead the connections times out after more than the 90 seconds.

Expected results:

The website should display the website as attached. The webmaster may have moved the website to the URL: 'https://lands.go.ke/'. The website URL :'https://www.ardhi.go.ke/'. In this case the error message should therefore be a 404 Error message otherwise redirect to 'https://lands.go.ke/'.

Attached image HTTPS mode enabled

HTTPS mode enabled on NightlyDebug

Blocks: https-only-mode
Assignee: nobody → imaliesiera
Mentor: ckerschb
Severity: -- → S4
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P4
Whiteboard: [domsecurity-active]
Version: Firefox 83 → unspecified
Type: defect → task

Your first contribution to HTTPS-Only

HTTPS-Only Mode upgrades every connection from http: to https:. If a web site does not support https:, then Firefox displays an error page. You can test this yourself when following these steps:

  • Start Firefox
  • Enable HTTPS-Only Mode (Enter about:preferences#privacy, scroll to the end of the page and "Enable HTTPS-Only Mode in all Windows")
  • Visit http.rip (and wait for 3 seconds)
  • The HTTPS-Only Error Page appears stating that the page http.rip does not support https.

In some cases however it's also possible that adding 'www' makes the https request succeed. To reproduce:

  • Start Firefox
  • Enable HTTPS-Only Mode
  • Visit http://speedofanimals.com (and wait for 3 seconds)
  • The HTTPS-Only Error Page appears stating that http://speedofanimals.com does not support https.
    However, if you enter http://www.speedofanimals.com (note the www) then the upgrading to https succeeds.

Here is the task: "Provide Suggestions in the HTTPS-Only error page what requests would succeed."
In detail, modify the HTML, CSS and JS in the HTTPS-Error Page ( errorpage.html, errorpage.js, aboutHttpsOnlyError.css ) by providing suggestions to the end user what request would succeed, e.g in that case adding 'www'.

In more detail, once the error page appears because upgrading to https does not succeed, you could query the URL from the page that HTTPS-Only Mode tried to upgrade (e.g. in our example from above http://speedofanimals.com).
Take that URL, add 'www' (e.g. http://www.speedofanimals.com) and perform a request (e.g. fetch request) to that page. If the server responds, then provide a link (e.g. a href="") in the error page which the end user could then click on.

Bonus points for making the newly added mechanism visually attractive to the end user.

Please upload your contribution in the form of a phabricator code patch to this Bug. To set up Phabricator please follow these instructions: https://wiki.mozilla.org/Phabricator

Good Luck!

Flags: needinfo?(imaliesiera)
Attached file Change URI

Initial commit

Copy source code

Obtain source code

Obtain source code

Comment out unwanted skin theme

Add title

Add headings

Add content to paragraph elements

Add content to list elements

Add explanation paragraphs

Add buttons

Link stylesheet

Link javascript

Add font links

Add div elements

Add warning-sign image

Add divs

Section elements

Reset browser styles

Add padding and margins to .container

Add background color and flex element to body

Add linear gradient background

Add font styles to headings

Delete background image to title

Center body content

Add flex to body content

Add typography and line-height to paragraphs

Add typography to list

Add height and margins to warning image

Add margin, color and text decoration to links

Add margin, color and text decoration to buttons

Add responsive design to body

Add responsive design to buttons

Add responsive design to paragraphs

Add responsive design to warning-image

Add function and comment unwanted functions

Depends on D95212

Closing as INACTIVE.

Status: NEW → RESOLVED
Closed: 4 years ago
Flags: needinfo?(imaliesiera)
Resolution: --- → INACTIVE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: