Closed
Bug 1720103
Opened 3 years ago
Closed 3 years ago
Https-first: Do not upgrade form submissions (for now)
Categories
(Core :: DOM: Security, task, P2)
Core
DOM: Security
Tracking
()
VERIFIED
FIXED
92 Branch
People
(Reporter: t.yavor, Assigned: t.yavor)
References
(Blocks 2 open bugs)
Details
(Whiteboard: [domsecurity-active])
Attachments
(1 file)
|
48 bytes,
text/x-phabricator-request
|
pascalc
:
approval-mozilla-beta+
|
Details | Review |
No description provided.
|
||
Updated•3 years ago
|
Severity: -- → S3
Status: NEW → ASSIGNED
Priority: -- → P2
Whiteboard: [domsecurity-active]
|
Assignee | |
Updated•3 years ago
|
Summary: Test Https-first: Formular gets upgraded to https but site only supports http → Https-first: Formular get only upgraded if they aren't POST forms
|
|
Assignee | |
Comment 1•3 years ago
|
||
Test Https-first: Formular gets upgraded to https but site only supports http. r=ckerschb
|
||
Updated•3 years ago
|
Attachment #9231155 -
Attachment description: Bug 1720103 - → Bug 1720103 - Https-first: Formular get only upgraded if they aren't POST forms
|
|
||
Updated•3 years ago
|
Attachment #9231155 -
Attachment description: Bug 1720103 - Https-first: Formular get only upgraded if they aren't POST forms → Bug 1720103 -
|
|
||
Updated•3 years ago
|
Attachment #9231155 -
Attachment description: Bug 1720103 - → Bug 1720103 - Https-first: Do not upgrade form submissions (for now)
|
|
||
Updated•3 years ago
|
Attachment #9231155 -
Attachment description: Bug 1720103 - Https-first: Do not upgrade form submissions (for now) → Bug 1720103 -
|
|
||
Updated•3 years ago
|
Attachment #9231155 -
Attachment description: Bug 1720103 - → Bug 1720103 - Https-first: Do not upgrade form submissions (for now)
|
|
||
Updated•3 years ago
|
Summary: Https-first: Formular get only upgraded if they aren't POST forms → Https-first: Do not upgrade form submissions (for now)
Pushed by mozilla@christophkerschbaumer.com: https://hg.mozilla.org/integration/autoland/rev/0285a22b4d66 Https-first: Do not upgrade form submissions (for now) r=ckerschb
|
||
Comment 3•3 years ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
status-firefox92:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 92 Branch
|
|
||
Comment 4•3 years ago
|
||
Comment on attachment 9231155 [details]
Bug 1720103 - Https-first: Do not upgrade form submissions (for now)
Beta/Release Uplift Approval Request
- User impact if declined: We are shipping HTTPS-First in PBM in Firefox 91. (See Bug 1716991). Through more intense testing we figured that form-submission are handled similar to top-level loads and we are slightly worried about a potential problem. To compensate we added this one small fix, so https-first mode does 'not' attempt to upgrade form submissions.
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: No
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): We consider the risk 'low' since leaving form submissions out of scope for https-first mode is the default we are currently shipping.
- String changes made/needed:
Attachment #9231155 -
Flags: approval-mozilla-beta?
|
||
Comment 5•3 years ago
|
||
Comment on attachment 9231155 [details]
Bug 1720103 - Https-first: Do not upgrade form submissions (for now)
Approved for 91 beta 3, thanks.
Attachment #9231155 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
|
|
||
Comment 6•3 years ago
|
||
| bugherder uplift | ||
status-firefox91:
--- → fixed
|
||
Comment 7•3 years ago
|
||
Verified as fixed on the latest Nightly 92.0a1 and on Firefox 91 beta 5 - HTTP form submissions are not upgraded to HTTPS. Verified on macOS Big Sur 11.4, Ubuntu 20.04, and Windows 10 x64.
You need to log in
before you can comment on or make changes to this bug.
Description
•