Going back from a https-only error will present another ssl error
Categories: Core :: DOM: Security, defect, P3
People: Reporter: petru, Assigned: owlish
References: Regression
Details: Keywords: regression, Whiteboard: [domsecurity-active] [geckoview:m104]
Attachments: 2 files
Issue seen on klimaentscheid-leipzig.org
STRs:
- Load klimaentscheid-leipzig.org in a new tab (You should get the https-only error)
- Tap continue
- click to go back in history
Expected:
- No error. If http-only is disabled accessing klimaentscheid-leipzig.org presents no error.
Actual:
- unsecure connection error.
The same happens on Fenix and on desktop.
Comment 1•2 years ago
I can reproduce this bug in Firefox 98 and 100 on Windows 11, but not in ESR 91.7.1. That suggests this bug is a regression between 92-98.
Comment 2•2 years ago
owlish, I bisected this regression to the following pushlog with your fix for HTTPS-Only Mode bug 1697866 in v94:
Even though that fix was a GeckoView change, the regression is reproducible in Firefox desktop.
Comment 3•2 years ago
Set release status flags based on info from the regressing bug 1697866
Comment 4•2 years ago
Carrying this bug forward from GV 101 to 102 because fixing this bug is still a high priority, but unassigning Irene for now because she's currently working on some other bugs for 102.
Comment 5•2 years ago
(In reply to Chris Peterson [:cpeterson] from comment #4)
> Carrying this bug forward from GV 101 to 102 because fixing this crash is still a high priority, but unassigning Irene for now because she's currently working on some other bugs for 102.
I suppose that's not a P1 then, thanks Chris.
Comment 6•2 years ago
I'm removing the GeckoView whiteboard tags because this bug affects both Android and desktop. This is not a GeckoView bug.
Comment 7•2 years ago
Christoph, is there a fix planned for 103? Thanks
Comment 8•2 years ago
(In reply to Pascal Chevrel:pascalc from comment #7)
> Christoph, is there a fix planned for 103? Thanks
No, not for 103 as I know.
Irene, any chance you could take a look?
Comment 10•2 years ago
Irene says this bug affects desktop and mobile. She's working on it now.
Comment 11•2 years ago
Before this patch, we would set the REPLACE_HISTORY loading flag by calling SetLoadFlags, which did not result in replacing the history item and would add a new history item instead. That would lead to an SSL error if navigating back after an https-only error bypass. This patch corrects that by setting the flag on the load type instead (that is what used to happen under the hood before the patch for 1697866 was merged).
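A simplified model of the history behaviour described in comment 11, added here as an illustration; it is not Gecko code and not part of the patch. The `Tab` class, its methods and the `example.test` host are hypothetical, and the model assumes a history entry keeps the URL that was actually requested and that going back re-requests it.

```javascript
// Simplified model of one tab's session history. Not Gecko code: Tab, its
// methods and the host below are hypothetical. Assumption: a history entry
// keeps the URL that was actually requested, and "back" re-requests it.
const BROKEN_TLS_HOSTS = new Set(["example.test"]); // constructed sample

class Tab {
  constructor() {
    this.entries = ["about:newtab"];
    this.index = 0;
    this.exempt = new Set(); // hosts where the user tapped "continue"
  }
  // HTTPS-Only Mode: upgrade http:// unless the host is exempt.
  fetch(url) {
    const u = new URL(url);
    if (u.protocol === "http:" && !this.exempt.has(u.host)) u.protocol = "https:";
    const failed = u.protocol === "https:" && BROKEN_TLS_HOSTS.has(u.host);
    return { requested: u.href, result: failed ? "tls-error" : "ok" };
  }
  load(url, replaceHistory = false) {
    const { requested, result } = this.fetch(url);
    if (replaceHistory) {
      this.entries[this.index] = requested; // overwrite the current entry
    } else {
      this.entries.length = this.index + 1; // drop forward entries
      this.entries.push(requested);
      this.index += 1;
    }
    return result;
  }
  bypass(url, replaceHistory) {
    this.exempt.add(new URL(url).host);
    return this.load(url, replaceHistory);
  }
  back() {
    this.index -= 1;
    return this.fetch(this.entries[this.index]).result;
  }
}

// replaceHistory=false models the regression, true models the fixed load.
function backAfterBypass(replaceHistory) {
  const tab = new Tab();
  const errorPage = tab.load("http://example.test/"); // upgraded, TLS fails
  const bypassed = tab.bypass("http://example.test/", replaceHistory);
  const afterBack = tab.back();
  return { errorPage, bypassed, afterBack, landedOn: tab.entries[tab.index],
           historyLength: tab.entries.length };
}
```

With `replaceHistory` false the stale upgraded entry stays in history and going back lands on it; with it true the bypass load overwrites that entry and going back reaches the page before it.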
Comment 12•2 years ago
Pushed by istorozhko@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/7311dd61d853
Set loading flag in correct place to make sure the history item is replaced after bypassing https-only error r=nika
Comment 13•2 years ago
bugherder