Open Bug 1725390 Opened 3 years ago Updated 4 days ago

Ensure https-first handles downloads correctly

Categories

(Core :: DOM: Security, task, P1)

Product:

Component:

Type:

task

Priority:

P1

Severity:

S2

Tracking

()

Status:

NEW

Tracking Flags:

Tracking

Status

firefox-esr102

---

affected

firefox110

---

affected

firefox111

---

affected

People

(Reporter: ckerschb, Unassigned)

References

(Depends on 1 open bug, Blocks 2 open bugs)

Details

(Whiteboard: [domsecurity-active])

Christoph Kerschbaumer [:ckerschb]

Reporter

Description

•

3 years ago

Downloads are treated as TYPE_DOCUMENT which means that https-first tries to upgrade those. What happens if the download is not available over https?

We should write an automated test and investigate how we can handle that.

Updated

•

3 years ago

Flags: needinfo?(ckerschb)

Updated

•

3 years ago

Flags: needinfo?(ckerschb)

Updated

•

3 years ago

Depends on: 1745146

Updated

•

3 years ago

Depends on: 1745186

Christoph Kerschbaumer [:ckerschb]

Reporter

Updated

•

3 years ago

Depends on: 1745650

Christoph Kerschbaumer [:ckerschb]

Reporter

Updated

•

3 years ago

Depends on: 1739113

Updated

•

3 years ago

Depends on: 1746173

Updated

•

3 years ago

Depends on: 1749953

Updated

•

3 years ago

No longer depends on: 1739113

Frederik Braun [:freddy]

Updated

•

2 years ago

Duplicate of this bug: 1802640

Updated

•

2 years ago

status-firefox110: --- → affected

status-firefox111: --- → affected

status-firefox-esr102: --- → affected

Frederik Braun [:freddy]

Updated

•

1 year ago

Assignee: t.yavor → nobody

Status: ASSIGNED → NEW

Frederik Braun [:freddy]

Updated

•

1 year ago

Severity: S4 → S3

Frederik Braun [:freddy]

Comment 2

•

2 months ago

We should make sure this is in our HTTPS-First release.

Severity: S3 → S2

Frederik Braun [:freddy]

Updated

•

4 days ago

Blocks: 1921221

You need to log in before you can comment on or make changes to this bug.