Closed Bug 1896691 Opened 1 year ago Closed 7 months ago

Detect https upgrade/downgrade redirect loops of JS and HTML meta redirects during downgrade, not upgrade.

Tracking

()

Status:

RESOLVED WONTFIX

People

(Reporter: manuel, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-backlog2])

Manuel Bucher [:manuel]

Reporter

Description

•

1 year ago

•

Edited

This allows us to differentiate the first upgrade from the second one without relying on triggeringPrincipal. Simplifying the UpgradeDowngrade loop detection check. Follow up on Bug 1747230.

Likely done in DocumentLoadListener::OpenDocument. Pernosco session recording paths the redirects take: https://pernos.co/debug/0W0zGcI9dasXSFSs8XTF5g/index.html

Daniel Veditz [:dveditz]

Updated

•

1 year ago

Blocks: https-first-mode

Daniel Veditz [:dveditz]

Updated

•

1 year ago

Severity: -- → N/A

Whiteboard: [domsecurity-backlog2]

Malte Jürgens [:maltejur]

Updated

•

9 months ago

Updated

•

8 months ago

Priority: -- → P4

Frederik Braun [:freddy]

Updated

•

7 months ago

Status: NEW → RESOLVED

Closed: 7 months ago

Resolution: --- → WONTFIX

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Detect https upgrade/downgrade redirect loops of JS and HTML meta redirects during downgrade, not upgrade.

Categories

(Core :: DOM: Security, task, P4)

Tracking

()

People

(Reporter: manuel, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-backlog2])

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Updated

Updated

Updated