the "Visit Site" and "Add permanent exception" buttons from the Untrusted Connection page don't seem to work. Steps to reproduce: - Go to https://people.mozilla.org , you should get the Untrusted Connection page - Tap on "I Understand the Risks" - Tap on the "Visit site" or the "Add permanent exception" button. Expected result: - the https://people.mozilla.org page gets shown Actual result: - The Untusted Connection page stays visible.
This seems to work for me in the latest nightly.
It seems to work better now, at least the first time, but I can still reproduce this with this new steps to reproduce: - Go to https://people.mozilla.org , you should get the Untrusted Connection page - Tap on "I Understand the Risks" - Tap on the "Visit site", now you should get to the page that says "people.mozilla.com" - Exit the browser, by going to the menu and tap on "Quit" - Restart the browser - Go to https://people.mozilla.org again, you should get the Untrusted Connection page again - Tap on "I Understand the Risks" - Tap on the "Visit site" button Expected result: - You should get to the page that says "people.mozilla.com" Actual result: - Stuck on the Untrusted Connection page again.
Martjin - Does "visit site" only create a temporary exception/ So if you quit fennec and restart, we forget the exception, right?
Yes, that is what "visit site" does. For some reason, the second time visiting, the temporary exception is not set or something.
Re-assigning to Margaret since Matt is focused on the Add-on Manager
I'm having trouble re-producing this. After quitting and restarting, going to https://people.mozilla.org just automatically goes to the site without showing me the Untrusted Connection page again.
That shouldn't happen, after quitting, you shouldn't automatically go to the site, only if you've tapped on the "Add permanent exception" button. I guess the bug has changed in something else.
It looks like this is a longstanding issue that is also present in Desktop Firefox. When the certificate is temporarily accepted, the page gets cached. When you quit and reopen the browser, it will go straight to the site as margaret mentioned in comment 7 (since it is simply showing the cached page). Reloading the page again shows the warning. The "Visit site" button is broken for the same reason: we do an XHR request for the page in exceptions.js, and we expect to catch an error so we can get the SSL status. However, since we're getting the cached page, we'll simply get an HTTP 200, and the notifyCertProblem() callback won't get executed. This results in SSLStatus in _addOverride() being null, which breaks when we try to access SSLStatus.serverCert.