Open Bug 1815805 Opened 2 years ago Updated 7 months ago

Fenix and Focus use "Nightly" branding in error page for x-frame-options failure, as well as `about:neterror?`

Categories

(Fenix :: Browser Engine, defect)

Product:
Fenix
Component:
Browser Engine
Platform:
All
Android
Type:
defect

Tracking

(Not tracked)

People

(Reporter: dholbert, Unassigned)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

Attachments

(3 files)

testcase 1
287 bytes, text/html
Details
screenshot in Firefox 109.2.0 (release), showing "Nightly" branding in iframe error page
120.02 KB, image/png
Details
screenshot in Focus 109.2.0 (release), showing "Nightly" branding in iframe error page
124.24 KB, image/png
Details
Attached file testcase 1

STR:

  1. Load the attached testcase in Firefox release on Android, or in Focus on Android.
  2. Read the error message inside the iframes.

ACTUAL RESULTS:
The error message refers to the browser as Nightly.

EXPECTED RESULTS:
The error message should refer to the browser as Firefox or Focus.

This is UI that was added in bug 1461195, with the string defined here:
https://searchfox.org/mozilla-central/rev/e66cff951667dacd0faa95dfde830564a58a8a3f/toolkit/locales/en-US/toolkit/neterror/certError.ftl#97-99

It looks like { -brand-short-name } is the relevant string here. However: Firefox/Focus do expand the correct { -brand-short-name } string in other UI -- e.g. in the "Advanced" section of the cert-error page shown for https://self-signed.badssl.com/

So it seems like maybe we use the wrong/default "Nightly" token as { -brand-short-name } specifically when we're inside of an iframe for some reason, specifically on Android?

(In reply to Daniel Holbert [:dholbert] from comment #0)

It looks like { -brand-short-name } is the relevant string here. However: Firefox/Focus do expand the correct { -brand-short-name } string in other UI -- e.g. in the "Advanced" section of the cert-error page shown for https://self-signed.badssl.com/

(I won't bother to post screenshots of these other areas where -brand-short-name is resolving to the correct/expected string; you can take my word for it that this badssl cert-error page shows "Firefox" and "Firefox Focus" as-expected.)

That string for the properly-working cert-error page is defined here:
https://searchfox.org/mozilla-central/rev/e66cff951667dacd0faa95dfde830564a58a8a3f/toolkit/locales/en-US/toolkit/neterror/certError.ftl#19

vs. the string for the not-working x-frame-options error UI is here (a bit lower in the same file):
https://searchfox.org/mozilla-central/rev/e66cff951667dacd0faa95dfde830564a58a8a3f/toolkit/locales/en-US/toolkit/neterror/certError.ftl#99

Both of those use { -brand-short-name }, spelled exactly the same way. Also, this works properly on Firefox for Desktop.

So it seems like maybe we use the wrong/default "Nightly" token as { -brand-short-name } specifically when we're inside of an iframe for some reason, specifically on Android?

Presumably we're (unexpectedly) falling back to the default value that's defined here in the "unofficial" branding file, which I assume is a global fallback maybe:
https://searchfox.org/mozilla-central/rev/e66cff951667dacd0faa95dfde830564a58a8a3f/browser/branding/unofficial/locales/en-US/brand.ftl#20

Flod, I wonder if you have any ideas about what could be going wrong here, or know who might be a good person to investigate?

Flags: needinfo?(francesco.lodolo)

Trying to redirect to Eemeli for confirmation, since he knows more about neterror and Fluent at this point.

(In reply to Daniel Holbert [:dholbert] from comment #0)

It looks like { -brand-short-name } is the relevant string here. However: Firefox/Focus do expand the correct { -brand-short-name } string in other UI -- e.g. in the "Advanced" section of the cert-error page shown for https://self-signed.badssl.com/

I believe what you're seeing is the corresponding string from an Android component (errorpages), which doesn't seem to have implemented the equivalent of bug 1461195. That would explain how we can display Firefox Focus/Klar, which mozilla-central doesn't know anything about.

The localization of GeckoView hasn't been exactly straightforward so far (see bug 1605358, and lack of interest/replies). I wouldn't be surprised that GV doesn't know how to deal with branding at all, and indeed falls back to unofficial.

Flags: needinfo?(francesco.lodolo) → needinfo?(earo)

Confirming this. I don't think it's the iframe part that's causing the issue, but something else about the error page on mobile browsers.

For a minimal reproduction, enter the address about:neterror? (including the terminal ?) on Firefox and/or Focus on Android, and observe that in all cases, including browsers that are otherwise localised, the fallback error is reported as:

Nightly can't load this page for some reason.

That's effectively a hack to get around the usual error display that's used on Android, by relying on the way we internally pass variables via query parameters; this is what the iframed errors end up using as well. On desktop, the error is localized and uses the right brand name.

Adding links to a couple of related bugs.

Flags: needinfo?(earo)
See Also: → 1692578, 1810039
Summary: Firefox and Fenix use "Nightly" branding in error page for x-frame-options failure → Firefox and Fenix use "Nightly" branding in error page for x-frame-options failure, as well as `about:neterror?`
Summary: Firefox and Fenix use "Nightly" branding in error page for x-frame-options failure, as well as `about:neterror?` → Fenix and Focus use "Nightly" branding in error page for x-frame-options failure, as well as `about:neterror?`

The severity field is not set for this bug.
:cpeterson, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(cpeterson)
Flags: needinfo?(cpeterson)
See Also: → 1807603
Severity: -- → S4
Component: General → Browser Engine
Depends on: 1692578
See Also: 1692578
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: