Not able to Lock HTTPS-only preferences
Categories
(Toolkit :: Preferences, defect, P1)
Tracking
()
People
(Reporter: mozilla-bugzilla, Assigned: mkaply)
References
Details
Attachments
(1 file)
48 bytes,
text/x-phabricator-request
|
RyanVM
:
approval-mozilla-esr102+
|
Details | Review |
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.42
Steps to reproduce:
This bug is in reference to bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1793742
We enabled the following settings via GPO/Preferences:
"dom.security_https_only_mode": { "Value": true, "Status": "locked" },
"dom.security.https_only_mode_ever_enabled": { "Value": true, "Status": "locked" }
Actual results:
The settings were enabled, but not locked (user is still able to disable them).
Expected results:
User will not be able to change https-only-mode.
Comment 1•2 years ago
|
||
The Bugbug bot thinks this bug should belong to the 'Core::DOM: Security' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.
Updated•2 years ago
|
Updated•2 years ago
|
Assignee | ||
Updated•2 years ago
|
Comment 2•2 years ago
|
||
Looks like mkaply is on this, so setting to P1.
Assignee | ||
Comment 3•2 years ago
|
||
Pushed by mozilla@kaply.com: https://hg.mozilla.org/integration/autoland/rev/73e448666aed Disable HTTPS only preferences when locked. r=settings-reviewers,Gijs,mconley
Comment 5•2 years ago
|
||
bugherder |
Updated•1 year ago
|
Comment 6•1 year ago
|
||
Reproduced the initial issue using old Nightly from 2022-10-06, and verified that the options from about:preferences are now greyed out while having the policies from comment 0 (both using .json and GPO) using Firefox 108.0b3 on Windows 10.
Assignee | ||
Comment 7•1 year ago
|
||
Comment on attachment 9300357 [details]
Bug 1793905 - Disable HTTPS only preferences when locked. r?#preferences-reviewers
ESR Uplift Approval Request
- If this is not a sec:{high,crit} bug, please state case for ESR consideration: Parity with Firefox
- User impact if declined: Prefs aren't locked in the UI
- Fix Landed on Version: 108
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Only affects locked prefs.
Comment 8•1 year ago
|
||
Comment on attachment 9300357 [details]
Bug 1793905 - Disable HTTPS only preferences when locked. r?#preferences-reviewers
Approved for 102.7esr.
Comment 9•1 year ago
|
||
bugherder uplift |
Comment 10•1 year ago
|
||
Also verified that this is fixed using Firefox 102.7.0esr, the options are changed and locked and http websites are forced to switch to https.
Description
•