Closed Bug 1847918 Opened 1 year ago Closed 1 year ago

HTTPS-only mode is ignored when reopening closed tab

Categories

(Core :: DOM: Security, defect, P2)

Product:
Core
Component:
DOM: Security
Version:
Firefox 117
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
119 Branch
Tracking Flags:
Tracking Status
firefox-esr102 --- unaffected
firefox-esr115 --- unaffected
firefox116 --- unaffected
firefox117 --- wontfix
firefox118 --- wontfix
firefox119 --- fixed

People

(Reporter: 6k64x4ma, Assigned: maltejur)

References

(Regression)

Details

(Keywords: regression, Whiteboard: [domsecurity-active])

Attachments

(2 files, 1 obsolete file)

Kooha-2023-08-09-13-51-34.webm
1.47 MB, video/webm
Details
Bug 1847918 - Limit `nsDocShellLoadState::IsExemptFromHTTPSOnlyMode` to HTTPS-First r?freddyb
48 bytes, text/x-phabricator-request
Details | Review

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/117.0

Steps to reproduce:

  1. Set dom.security.https_only_mode to true.
  2. Go to http://http.badssl.com/ in the new tab. Secure Site Not Available page appears.
  3. Close the tab (ctrl + w).
  4. Reopen the tab (ctrl + shift + t).

Actual results:

http.badssl.com is loaded.

Expected results:

Loading HTTP site should be blocked.

Regression window
https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=29a59c4a2f6ab17b86054f5d8c0d18893b0da18a&tochange=b242365f7a2f1101b3edf116b24ba5a2bac9bc7b

Flags: needinfo?(mjurgens)

I can not reproduce this on my end. I tested the latest Nightly, and mozilla-central builds from 2023-06-10 (before the commits you linked) and 2023-06-12 (after the commits you linked). I will attach a screen recording of my attempt.

Just to confirm, did you click the "Continue to HTTP Site" button? Because if you did, what you describe would be the expected behavior.

Flags: needinfo?(mjurgens) → needinfo?(6k64x4ma)

I didn't click the button.

On the latest Nightly with a new profile, I followed the exact same steps as you did in the screen recording, but http.badssl.com is loaded.

Flags: needinfo?(6k64x4ma)

I can reproduce the problem now. I tested the wrong date because I misread it, it should be 2023-07-12, not 2023-06-12, and it seems I did something wrong when testing it with Nightly originally, my bad.

Assignee: nobody → mjurgens
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Keywords: regression
Regressed by: 1838183
No longer regressed by: 1838183
Regressed by: 1839612

Thanks a lot for the report. This seems to be the code causing the page to load here.

See Also: → 1742899

The same issue is also happening with history navigation, so for example:

  1. Set dom.security.https_only_mode to true
  2. Open http://http.badssl.com
  3. In the same tab, open https://google.com
  4. Press the back button

Result: http://http.badssl.com is loaded via HTTP.
Expected: http://http.badssl.com should be prevented from loading.

Set release status flags based on info from the regressing bug 1839612

status-firefox116: --- → unaffected
status-firefox117: --- → affected
status-firefox118: --- → affected
status-firefox-esr102: --- → unaffected
status-firefox-esr115: --- → unaffected
Attachment #9348212 - Attachment description: WIP: Bug 1847918 - Limit nsILoadInfo::HTTPS_ONLY_EXEMPT_NEXT_LOAD to HTTPS-First → WIP: Bug 1847918 - Limit nsDocShellLoadState::IsExemptFromHTTPSOnlyMode to HTTPS-First r?freddyb
Attachment #9348212 - Attachment description: WIP: Bug 1847918 - Limit nsDocShellLoadState::IsExemptFromHTTPSOnlyMode to HTTPS-First r?freddyb → WIP: Bug 1847918 - Limit `nsDocShellLoadState::IsExemptFromHTTPSOnlyMode` to HTTPS-First r?freddyb
Attachment #9348212 - Attachment description: WIP: Bug 1847918 - Limit `nsDocShellLoadState::IsExemptFromHTTPSOnlyMode` to HTTPS-First r?freddyb → Bug 1847918 - Limit `nsDocShellLoadState::IsExemptFromHTTPSOnlyMode` to HTTPS-First r?freddyb
Severity: -- → S3
Priority: -- → P2
Whiteboard: [domsecurity-active]

Tom, IIUC, Freddy is on PTO at the moment. Do you have cycles to review this given that 117 goes to RC next week?

Flags: needinfo?(tom)

I'm sorry, with Freddy and Christoph out I think we're going to have to wait - I don't feel comfortable reviewing this.

Flags: needinfo?(tom)

Not likely to make Fx117 before it goes to RC in that case. We'll keep it on the radar for a dot release at least.

Set release status flags based on info from the regressing bug 1839612

status-firefox119: --- → affected

Malte, are you working on this one for a potential uplift or should it ride the trains?

Flags: needinfo?(mjurgens)
Flags: needinfo?(fbraun)

I probably want to get this uplifted, but it has to be reviewed first.

Flags: needinfo?(mjurgens)
Flags: needinfo?(fbraun)
Pushed by fbraun@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/0dd2b360ae24 Limit `nsDocShellLoadState::IsExemptFromHTTPSOnlyMode` to HTTPS-First r=freddyb

https://hg.mozilla.org/mozilla-central/rev/0dd2b360ae24

Status: ASSIGNED → RESOLVED
Closed: 1 year ago
status-firefox119: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → 119 Branch

The patch landed in nightly and beta is affected.
:mjurgens, is this bug important enough to require an uplift?

  • If yes, please nominate the patch for beta approval.
  • If no, please set status-firefox118 to wontfix.

For more information, please visit BugBot documentation.

Flags: needinfo?(mjurgens)

nsDocShellLoadState::IsExemptFromHTTPSOnlyMode is currently only used by HTTPS-First. It is used for fixing upgrade-downgrade loops and when loading history entries, as when we already know if HTTPS-First succeeded there or not, we have no need for trying to upgrade again and can disable HTTPS-First. With the changes introduced by Bug 1839612, nsDocShellLoadState::IsExemptFromHTTPSOnlyMode also applies to HTTPS-Only, which is a problem because disabling HTTPS-Only for history entries will result in them potentially being loaded insecurely without the user setting an exception. As a solution this patch just applies nsILoadInfo::HTTPS_ONLY_EXEMPT_NEXT_LOAD, the flag being set when nsDocShellLoadState::IsExemptFromHTTPSOnlyMode is set, when HTTPS-First is enabled, and renames both flags to reflect that behavior.

Original Revision: https://phabricator.services.mozilla.com/D185829

Attachment #9352858 - Flags: approval-mozilla-beta?

Uplift Approval Request

  • String changes made/needed: none
  • Code covered by automated testing: yes
  • Risk associated with taking this patch: Medium
  • Is Android affected?: yes
  • Steps to reproduce for manual QE testing: -
  • User impact if declined: In the case of the user loading a HTTPS-Only error page from history, the error page will be skipped and Firefox will load the insecure site without asking the user.
  • Fix verified in Nightly: no
  • Needs manual QE test: no
  • Explanation of risk level: The fix is limiting a certain flag to only have an effect when HTTPS-First, not HTTPS-Only is enabled. That flag is spread out arround the HTTPS-Only code, so if I missed a occurence of the flag being used in some edgecase, that coud possibly result in another HTTPS-Only or HTTPS-First regression.
Flags: needinfo?(mjurgens)

Comment on attachment 9352858 [details]
Bug 1847918 - Limit nsDocShellLoadState::IsExemptFromHTTPSOnlyMode to HTTPS-First

That's a S3 and a large patch with some risk of causing regressions, I think we should just let it ride the train as we are uilding our last beta tomorrow, we probably wouldn't have time left to find regressions before we ship 118, thanks.

Attachment #9352858 - Flags: approval-mozilla-beta? → approval-mozilla-beta-
Attachment #9352858 - Attachment is obsolete: true
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: