Open Bug 1904837 Opened 3 months ago Updated 3 days ago

http:// scheme is displayed in address bar when request upgraded by HTTPS-First is loading

Categories

(Firefox :: Address Bar, task, P3)

Product:
Firefox
Component:
Address Bar
Type:
task

Tracking

()

People

(Reporter: maltejur, Unassigned, NeedInfo)

References

(Blocks 1 open bug)

Details

(Whiteboard: [sng])

Attachments

(1 file)

Screenshot_20240626_145459.png
122.13 KB, image/png
Details

To see what I mean, open httpstat.us/200?sleep=2000 in a configuration where dom.security.https_first_schemeless is enabled (this is the case in Nightly). You should see:

  • http://httpstat.us/200?sleep=2000 loading for 2s
  • When the site is completely loaded, the address bar should display httpstat.us/200?sleep=2000 instead (so a secure URL with https trimming enabled)

But in this case, we only do a external request to https://httpstat.us/200?sleep=2000, and not http://httpstat.us/200?sleep=2000. So I think we should probably not display the http:// scheme while the site is loading, and instead just omit the scheme (similar to what we did in Bug 1876513).

fwiw, Bug 1876513 was about the results panel, while this seems about what is shown in the input field.
I suspect changing the input field may have more complex implications, we must try.

Severity: -- → N/A
Priority: -- → P3
Whiteboard: [sng]

Hi Drew, is this going to be part of your big address bar project? It seems neither this bug nor the associated JIRA issue has had any significant activity in the past.

It's unlikely that we are going to be able to tackle this from the HTTPS Adoption folks.

Flags: needinfo?(adw)

We didn't consider this a blocker for the Scotch Bonnet redesign so far, because it's a temporary condition, and we've already shown no protocol in the panel, user expectations should be low. There's quite a few higher priority issues to address first for MVP.
Please let us know if you think this is a show-stopper kind of bug that can't wait.

Thinking about this, URIFixup defaults to http, to provide better support for intranet addresses, and schemeless attribute is passed down along with the request for upgrade. We should debug what is setting the http url here, if it is set by onLocationChange or some other pre-emptive code.

Anyway, I suspect it would end up being a visual hack for this specific schemeless-http case, that is likely to make the code more cumbersome.
Imo it would be much easier to address this issue by stripping both http AND https in the input field, that is something we want to do in the future (after Scotch Bonner), but we don't have a specific date.

Flags: needinfo?(adw) → needinfo?(fbraun)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: