Closed Bug 1793905 Opened 2 years ago Closed 2 years ago

Not able to Lock HTTPS-only preferences

Categories

(Toolkit :: Preferences, defect, P1)

Product:
Toolkit
Component:
Preferences
Version:
Firefox 102
Type:
defect

Tracking

()

Status:
VERIFIED FIXED
Milestone:
108 Branch
Tracking Flags:
Tracking Status
firefox-esr102 --- verified
firefox108 --- verified

People

(Reporter: mozilla-bugzilla, Assigned: mkaply)

References

Details

Attachments

(1 file)

Bug 1793905 - Disable HTTPS only preferences when locked. r?#preferences-reviewers
48 bytes, text/x-phabricator-request
RyanVM
: approval-mozilla-esr102+
Details | Review

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.42

Steps to reproduce:

This bug is in reference to bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1793742

We enabled the following settings via GPO/Preferences:

"dom.security_https_only_mode": { "Value": true, "Status": "locked" },
"dom.security.https_only_mode_ever_enabled": { "Value": true, "Status": "locked" }

Actual results:

The settings were enabled, but not locked (user is still able to disable them).

Expected results:

User will not be able to change https-only-mode.

The Bugbug bot thinks this bug should belong to the 'Core::DOM: Security' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → DOM: Security
Product: Firefox → Core
Component: DOM: Security → Preferences
Product: Core → Toolkit
See Also: → 1793742
Assignee: nobody → mozilla
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true

Looks like mkaply is on this, so setting to P1.

Severity: -- → S3
Priority: -- → P1
Pushed by mozilla@kaply.com:
https://hg.mozilla.org/integration/autoland/rev/73e448666aed
Disable HTTPS only preferences when locked. r=settings-reviewers,Gijs,mconley

https://hg.mozilla.org/mozilla-central/rev/73e448666aed

Status: ASSIGNED → RESOLVED
Closed: 2 years ago
status-firefox108: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 108 Branch
Flags: qe-verify+

Reproduced the initial issue using old Nightly from 2022-10-06, and verified that the options from about:preferences are now greyed out while having the policies from comment 0 (both using .json and GPO) using Firefox 108.0b3 on Windows 10.

Status: RESOLVED → VERIFIED
status-firefox108: fixedverified
Flags: qe-verify+

Comment on attachment 9300357 [details]
Bug 1793905 - Disable HTTPS only preferences when locked. r?#preferences-reviewers

ESR Uplift Approval Request

  • If this is not a sec:{high,crit} bug, please state case for ESR consideration: Parity with Firefox
  • User impact if declined: Prefs aren't locked in the UI
  • Fix Landed on Version: 108
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): Only affects locked prefs.
Attachment #9300357 - Flags: approval-mozilla-esr102?

Comment on attachment 9300357 [details]
Bug 1793905 - Disable HTTPS only preferences when locked. r?#preferences-reviewers

Approved for 102.7esr.

Attachment #9300357 - Flags: approval-mozilla-esr102? → approval-mozilla-esr102+

Also verified that this is fixed using Firefox 102.7.0esr, the options are changed and locked and http websites are forced to switch to https.

status-firefox-esr102: fixedverified
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: