"Exceptions - HTTPS-Only Mode" are ignored when setting "Always use private browsing mode".
Categories
(Core :: Permission Manager, defect, P3)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox117 | --- | verified |
People
(Reporter: suishouen, Assigned: maltejur, NeedInfo)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Firefox/91.0
Steps to reproduce:
- Go to the Preferences -> Privacy & Security -> HTTPS-Only Mode.
- Select Enable HTTPS-Only Mode in all windows.
- Click on Manage Exceptions...
- Add "http://forums.mozillazine.org/" to "Turn Off" and save changes.
- Go to the Preferences -> Privacy & Security -> History.
- Select "Always use private browsing mode".
- Quit and relaunch Firefox.
- Open "http://forums.mozillazine.org/".
Actual results:
HTTPS-Only Mode Alert: "Secure Connection Not Available" window shows.
Expected results:
"http://forums.mozillazine.org/" page shows.
|
||
Comment 1•4 years ago
|
||
The Bugbug bot thinks this bug should belong to the 'Core::DOM: Security' component, and is moving the bug to that component. Please revert this change in case you think the bot is wrong.
|
||
Comment 2•4 years ago
|
||
I believe this was the intent of bug 1680237 -- bouncing over there for further triage.
|
||
Comment 3•4 years ago
|
||
Whoever wants to tackle this can mirror what we did for cookie permissions, see https://searchfox.org/mozilla-central/source/extensions/permissions/PermissionManager.cpp#144
Note that this would also mean pre-loading the permission which is something we probably want to get rid of long term.
|
||
Updated•4 years ago
|
|
Assignee | |
Updated•2 years ago
|
|
|
Assignee | |
Comment 4•2 years ago
|
||
Do not isolate https-only-load-insecure by origin attributes. This way the HTTPS-Only exceptions will behave similar to the cookie permission. This means that exceptions set in the system settings will also apply to private windows, but exceptions set in private windows via the identity pane will be reset after closing the browser.
|
||
Updated•2 years ago
|
|
|
||
Updated•2 years ago
|
|
||
Comment 6•2 years ago
|
||
| bugherder | ||
|
||
Updated•2 years ago
|
Unfortunately I wasn’t able to reproduce this issue. I used the STR provided but every time I tried to reproduce I got the expected result on an affected build. Would you be so kind as to verify this fix on latest beta build? Thank you.
(In reply to Ardelean Oana, Desktop QA from comment #7)
Unfortunately I wasn’t able to reproduce this issue. I used the STR provided but every time I tried to reproduce I got the expected result on an affected build. Would you be so kind as to verify this fix on latest beta build? Thank you.
I can confirm that this bug has been resolved on the latest beta version 117.0b9.
Marked as verified based on Comment 8. Updating accordingly.
Description
•