Go to URL above, the form to post a comment has http://addons.mozilla.org/en-US/firefox/discussions/post.php as its target - it should use HTTPS however. To post the comment I need to accept two security warnings.
This will be because the Vanilla infrastructure isn't aware of the special magic moz-req-method header that the netscaler uses to tell us how we were requested.
Wenzel: did you enfixify this? I remember you were looking at it.
Target Milestone: --- → 3.2
Okay. I am sorry I was unable to figure out why the discussions lose the environment variable that's being set in the htaccess file. But I added the request header check from bootstrap to the discussions settings as well. This results in the POST urls getting built correctly.
Assignee: nobody → fwenzel
Created attachment 267711 [details] [diff] [review] Discussions https awareness Yet another punch into the face of the https handling. Shaver, please approve unless you have an idea how we can fix it otherwise.
Attachment #267711 - Flags: review?(shaver)
Comment on attachment 267711 [details] [diff] [review] Discussions https awareness r=shaver -- any idea how to test it? :)
Attachment #267711 - Flags: review?(shaver) → review+
well, we need to send a request with the (fake) Netscaler-style HTTPS request header and see if the URLs made by the discussions code are https://. I just notice, if you are not actually on a http connection, this "fake" request leaves all cake parts of the page with http:// anyway, but I think that's beyond the scope of this bug as it won't matter in production.
There you go. I did as I said and wrote a test for this, checking if the "next page" link is https when the NS HTTPS request header was sent. The actual fix and the test are both in SVN, r4413. Marking this fixed. Woot.
Status: NEW → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → FIXED
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.