HTTPS-Only mode gets stuck in a loop if website uses a HTTPS meta refresh to redirect to HTTP
Categories: Core :: DOM: Security, defect, P3
People: Reporter: ke5trel, Assigned: ckerschb
References: Blocks 1 open bug
Whiteboard: [domsecurity-active]
Attachments: 1 file
STR:
- Enable HTTPS-Only mode.
- Visit http://pythontutor.com
Loading loops continuously due to the HTTPS page using a meta refresh to redirect to HTTP.
<meta http-equiv="REFRESH" content="0;url=http://pythontutor.com/index.html">
Comment 1•3 years ago (Assignee)
Not really sure why a page would do that but it's a legit bug, thanks for reporting. I guess we need to find a way to break loops of upgrades/downgrades. We have a similar bug where JS redirects back to HTTP and HTTPS-Only tries to upgrade again.
Comment 3•3 years ago
A scripted "redirect" would lead to the same kind of loop and will need the same fix -- some way to detect and kill the loop, like the networking code detects an excessive number of 30x redirects. Then we could show the "try the HTTP version instead?" interstitial.
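The loop from the report and the detect-and-break idea from the comments above, as an added JavaScript model (not Firefox's implementation and not code from this bug). `navigate`, `sampleFetch`, `MAX_HOPS` and the `.test` hosts are assumptions made for the illustration; the page bodies are constructed samples.

```javascript
// Added model, not Firefox code. Hosts and page bodies are constructed samples.
const MAX_HOPS = 20; // hypothetical cap, like a limit on 30x redirects

// Constructed site mirroring the report: each HTTPS page refreshes back to HTTP.
const REFRESH = '<meta http-equiv="REFRESH" content="0;url=http://loop.test/index.html">';
const SAMPLE_PAGES = {
  "https://loop.test/": REFRESH,
  "https://loop.test/index.html": REFRESH,
  "https://fine.test/": "<html><body>served over HTTPS</body></html>",
};
const sampleFetch = (url) => SAMPLE_PAGES[url] ?? "";

// Return the absolute target of a meta refresh in `html`, or null if none.
function metaRefreshTarget(html, baseUrl) {
  const re = /<meta\s+http-equiv=["']?refresh["']?\s+content=["']\s*\d+\s*;\s*url=([^"'>]+)["']/i;
  const m = re.exec(html);
  return m ? new URL(m[1].trim(), baseUrl).href : null;
}

// HTTPS-Only style upgrade: rewrite http: to https:, leave other schemes alone.
function upgrade(url) {
  const u = new URL(url);
  if (u.protocol === "http:") u.protocol = "https:";
  return u.href;
}

// Follow one top-level load. `fetchHtml(httpsUrl)` is a hypothetical callback
// that returns the response body. Returns what the user would end up seeing.
function navigate(startUrl, fetchHtml) {
  const upgraded = new Set(); // HTTPS URLs we produced by upgrading in this load
  let url = startUrl;
  for (let hop = 0; hop < MAX_HOPS; hop++) {
    const wasHttp = new URL(url).protocol === "http:";
    const secure = upgrade(url);
    if (wasHttp) {
      // Upgrading the same URL twice means the site keeps sending us back
      // to HTTP: stop and offer the "try the HTTP version?" interstitial.
      if (upgraded.has(secure)) return { outcome: "interstitial", url: secure, hops: hop };
      upgraded.add(secure);
    }
    const target = metaRefreshTarget(fetchHtml(secure), secure);
    if (target === null) return { outcome: "loaded", url: secure, hops: hop };
    url = target;
  }
  return { outcome: "interstitial", url, hops: MAX_HOPS }; // hop cap reached
}
```

A scripted redirect back to HTTP would feed the same `navigate` loop; only the way the target URL is extracted differs.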
Comment 4•3 years ago (Assignee)
Pushed by mozilla@christophkerschbaumer.com:
https://hg.mozilla.org/integration/autoland/rev/37aae4f2c6cf
Break endless upgrade downgrade loops when using https-only r=necko-reviewers,valentin,JulianWels
Backout by btara@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/37181c10ee52
Backed out changeset 37aae4f2c6cf for test_break_endless_upgrade_downgrade_loop.html failures CLOSED TREE
Comment 7•3 years ago
Backed out changeset 37aae4f2c6cf (bug 1691888) for test_break_endless_upgrade_downgrade_loop.html failures.
Backout link: https://hg.mozilla.org/integration/autoland/rev/37181c10ee52c4daee0117db0c7cc97a7089e0e4
Failure log: https://treeherder.mozilla.org/logviewer?job_id=332650683&repo=autoland&lineNumber=3653
[task 2021-03-10T08:24:12.113Z] 08:24:12 INFO - SimpleTest START
[task 2021-03-10T08:24:12.114Z] 08:24:12 INFO - TEST-START | dom/security/test/https-only/test_break_endless_upgrade_downgrade_loop.html
[task 2021-03-10T08:24:22.205Z] 08:24:22 INFO - Buffered messages logged at 08:24:11
[task 2021-03-10T08:24:22.206Z] 08:24:22 INFO - TEST-PASS | dom/security/test/https-only/test_break_endless_upgrade_downgrade_loop.html | A valid string reason is expected
[task 2021-03-10T08:24:22.206Z] 08:24:22 INFO - TEST-PASS | dom/security/test/https-only/test_break_endless_upgrade_downgrade_loop.html | Reason cannot be empty
[task 2021-03-10T08:24:22.206Z] 08:24:22 INFO - Buffered messages logged at 08:24:12
[task 2021-03-10T08:24:22.207Z] 08:24:22 INFO - TEST-FAIL | dom/security/test/https-only/test_break_endless_upgrade_downgrade_loop.html | The author of the test has indicated that flaky timeouts are expected. Reason: We need to wait for the HTTPS-Only error page to appear
[task 2021-03-10T08:24:22.207Z] 08:24:22 INFO - Buffered messages finished
[task 2021-03-10T08:24:22.207Z] 08:24:22 WARNING - TEST-UNEXPECTED-FAIL | dom/security/test/https-only/test_break_endless_upgrade_downgrade_loop.html | the error page should be shown for test1 - false == true - got false, expected true (operator ==)
[task 2021-03-10T08:24:22.207Z] 08:24:22 INFO - ok@resource://specialpowers/SpecialPowersSandbox.jsm:87:21
[task 2021-03-10T08:24:22.207Z] 08:24:22 INFO - verifyResult@http://mochi.test:8888/tests/dom/security/test/https-only/test_break_endless_upgrade_downgrade_loop.html:40:5
[task 2021-03-10T08:24:22.208Z] 08:24:22 INFO - execute@resource://specialpowers/SpecialPowersSandbox.jsm:141:12
[task 2021-03-10T08:24:22.208Z] 08:24:22 INFO - _spawnTask@resource://specialpowers/SpecialPowersChild.jsm:1611:15
[task 2021-03-10T08:24:22.208Z] 08:24:22 INFO - receiveMessage@resource://specialpowers/SpecialPowersChild.jsm:310:21
[task 2021-03-10T08:24:22.208Z] 08:24:22 WARNING - TEST-UNEXPECTED-FAIL | dom/security/test/https-only/test_break_endless_upgrade_downgrade_loop.html | the error page should be shown for test2 - false == true - got false, expected true (operator ==)
[task 2021-03-10T08:24:22.208Z] 08:24:22 INFO - ok@resource://specialpowers/SpecialPowersSandbox.jsm:87:21
[task 2021-03-10T08:24:22.208Z] 08:24:22 INFO - verifyResult@http://mochi.test:8888/tests/dom/security/test/https-only/test_break_endless_upgrade_downgrade_loop.html:40:5
[task 2021-03-10T08:24:22.208Z] 08:24:22 INFO - execute@resource://specialpowers/SpecialPowersSandbox.jsm:141:12
[task 2021-03-10T08:24:22.209Z] 08:24:22 INFO - _spawnTask@resource://specialpowers/SpecialPowersChild.jsm:1611:15
[task 2021-03-10T08:24:22.209Z] 08:24:22 INFO - receiveMessage@resource://specialpowers/SpecialPowersChild.jsm:310:21
[task 2021-03-10T08:24:22.209Z] 08:24:22 WARNING - TEST-UNEXPECTED-FAIL | dom/security/test/https-only/test_break_endless_upgrade_downgrade_loop.html | the error page should be shown for test3 - false == true - got false, expected true (operator ==)
[task 2021-03-10T08:24:22.209Z] 08:24:22 INFO - ok@resource://specialpowers/SpecialPowersSandbox.jsm:87:21
[task 2021-03-10T08:24:22.209Z] 08:24:22 INFO - verifyResult@http://mochi.test:8888/tests/dom/security/test/https-only/test_break_endless_upgrade_downgrade_loop.html:40:5
[task 2021-03-10T08:24:22.209Z] 08:24:22 INFO - execute@resource://specialpowers/SpecialPowersSandbox.jsm:141:12
[task 2021-03-10T08:24:22.209Z] 08:24:22 INFO - _spawnTask@resource://specialpowers/SpecialPowersChild.jsm:1611:15
[task 2021-03-10T08:24:22.209Z] 08:24:22 INFO - receiveMessage@resource://specialpowers/SpecialPowersChild.jsm:310:21
[task 2021-03-10T08:24:22.210Z] 08:24:22 INFO - TEST-OK | dom/security/test/https-only/test_break_endless_upgrade_downgrade_loop.html | took 6774ms
Comment 9•3 years ago (Assignee)
Don't know how to best move forward - seems to fail on Android even with my proposed fix:
https://treeherder.mozilla.org/jobs?repo=try&revision=e3d55ecad58f0a1d3a24d959cb8c3e3455d4625a&selectedTaskRun=cn0_WssqQHq6rWdujMqc2Q.0
Comment 10•3 years ago
Pushed by mozilla@christophkerschbaumer.com:
https://hg.mozilla.org/integration/autoland/rev/ab8040e6f05c
Break endless upgrade downgrade loops when using https-only r=necko-reviewers,valentin,JulianWels