Closed Bug 1886184 Opened 7 months ago Closed 5 months ago

Provide a way to set Exceptions only for HTTPS-First and not HTTPS-Only

Categories

(Core :: DOM: Security, task, P3)

task

Tracking

()

RESOLVED FIXED
128 Branch
Tracking Status
firefox128 --- fixed

People

(Reporter: maltejur, Assigned: maltejur)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-active])

Attachments

(1 file, 1 obsolete file)

The current mechanism for setting exceptions for HTTPS-Only/First doesn't differentiate between the two. This becomes a problem in these two cases:

  1. We want to automatically add a temporary HTTPS-First exception when a HTTPS-First upgrade fails (Bug 1884921), but that exception should not apply to HTTPS-Only.
  2. We want to add default exceptions for sites that are broken with HTTPS-First (Bug 1816449), but we obviously still want a HTTPS-Only warning on these pages.

For the first point, we could implement clearing temporary exceptions when the user switches between HTTPS-First and HTTPS-Only, but that won't work when the user has HTTPS-First enabled in normal browsing and HTTPS-Only in PBM, and is using both simultaneously.

Assignee: nobody → mjurgens
Severity: -- → N/A
Priority: -- → P3
Whiteboard: [domsecurity-active]
Attachment #9393282 - Attachment is obsolete: true
Attachment #9393281 - Attachment description: WIP: Bug 1886184 - Add HTTPS-Only Permission Types exclusively for HTTPS-First r?freddyb!,simonf!,#permissions-reviewers! → Bug 1886184 - Add HTTPS-Only Permission Types exclusively for HTTPS-First r?freddyb!,simonf!,#permissions-reviewers!
Pushed by mjurgens@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/c4d16def2caf Add HTTPS-Only Permission Types exclusively for HTTPS-First r=freddyb,simonf
Status: NEW → RESOLVED
Closed: 5 months ago
Resolution: --- → FIXED
Target Milestone: --- → 128 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: