Closed Bug 644783 Opened 9 years ago Closed 9 years ago

"Crashes per User" report does http form post (security warning)

Categories

(Socorro :: General, task)

task
Not set

Tracking

(Not tracked)

RESOLVED WORKSFORME

People

(Reporter: rhelmer, Assigned: brandon)

Details

STR:
1) load https://crash-stats.mozilla.com/daily
2) click "Generate" button 

Expected:
everything goes better than expected

Actual:
Security Warning
Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.

Are you sure you want to continue sending this information?
I think this is happening because the form post is to:

<form id="daily_search_version_form" name="daily_search_version_form" action="http://crash-stats.mozilla.com/daily" method="get" >

Any reason action couldn't = "/daily" instead?
Just using "/daily" should work; however, it appears that the issue here may be that we don't run "force_https = true" in production. Should we be?
OS: Linux → All
Hardware: x86_64 → All
Moving onto the 1.7.8 milestone.
Target Milestone: --- → 1.7.8
Assignee: nobody → bsavage
Rob, can you take a look at this and comment on this issue with what you think would be our best approach?
(In reply to comment #2)
> Just using "/daily" should work; however, it appears that the issue here may be
> that we don't run "force_https = true" in production. Should we be?

I just looked at the checked-in puppet configs for Socorro and I see that "force_https = true" is set (let me know if you need/want access to this, it's in a private SVN repo so need to know the specific URL):

$config['force_https'] = true;

(In reply to comment #4)
> Rob, can you take a look at this and comment on this issue with what you think
> would be our best approach?

Actually looking now I can't reproduce; it may have been coincidentally fixed since I noticed it:

            <form id="daily_search_version_form" name="daily_search_version_form" action="https://crash-stats.stage.mozilla.com/daily" method="get" >
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WORKSFORME
Component: Socorro → General
Product: Webtools → Socorro
You need to log in before you can comment on or make changes to this bug.