Closed
Bug 796057
Opened 12 years ago
Closed 12 years ago
Change links to download.mozilla.org to HTTPS://
Categories
(www.mozilla.org :: Pages & Content, defect, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
Future
People
(Reporter: cmore, Assigned: craigcook)
References
Details
(Whiteboard: u=dev c=downloads p=3 r=109624)
We should change all links to download.mozilla.org to be to https:// instead of http://. Most of the changes will be on /products/download.html to pop the JavaScript box or show the download buttons with JavaScript disabled. SSL should be enabled on download.mozilla.org today (2012-10-01 per bug 795439) and this can be done anytime SSL is enabled. This is for the stub installer project, but this specific change is not blocked by anyone other than IT enabling SSL.
|
||
Comment 2•12 years ago
|
||
We need some QA on this. Specifically, there is some concern that some older browsers (notably IE6) will throw a warning if an HTTPS site redirects to an HTTP site. A connection to bouncer over https://, which subsequently returns an http:// link to a mirror/CDN would potentially trigger this. This is resolved as moot only if we're able to move all installers to an SSL mirror... but even then there's a fallback situation to think about. If no SSL mirrors are available, we'd probably still prefer to serve downloads over non-SSL (as compared to not serving downloads at all). QA testing is relatively straightforward. We need to make sure links like this: https://download.mozilla.org/?product=firefox-15.0.1&os=osx&lang=en-US don't result in error pages/pop-ups on any browser major browser (specifically IE6). If they do, we need to rethink this before we deploy any changes... or be willing to accept the consequences for those users.
|
||
Updated•12 years ago
|
Priority: -- → P1
Whiteboard: u=dev c=downloads p=3
Target Milestone: --- → Future
|
||
Comment 3•12 years ago
|
||
The only thing I have found so far is the insecure content dialog in IE6 http://cl.ly/image/3f1f3m0T2y31
|
Reporter | |
Comment 4•12 years ago
|
||
Should be an easily change here: http://viewvc.svn.mozilla.org/vc/projects/mozilla.com/trunk/en-US/products/download.html?view=markup Line 316. Change from http to https
|
|
||
Comment 5•12 years ago
|
||
The dialog is shown when you first visit the site and also when you click the download Firefox. We need to fix this
|
|
Reporter | |
Comment 6•12 years ago
|
||
(In reply to raymond [:retornam] from comment #3) > The only thing I have found so far is the insecure content dialog in IE6 > http://cl.ly/image/3f1f3m0T2y31 Do you have an idea of where the http/https mix is coming from? Where is the absolute URL to an HTTP page resource (probably image) is coming from when the site is on https?
|
||
Comment 7•12 years ago
|
||
There's just one occurrence of download.mozilla.org in Bedrock: apps/mozorg/helpers.py: 'direct': 'http://download.mozilla.org/', (this is the important one, I'm guessing) There's a bunch in the product-details files too, like mobile_details.json -- not sure what generates that, nor what uses it.
|
|
||
Comment 8•12 years ago
|
||
(In reply to Chris More [:cmore] from comment #4) > Should be an easily change here: > > http://viewvc.svn.mozilla.org/vc/projects/mozilla.com/trunk/en-US/products/ > download.html?view=markup > > Line 316. Change from http to https Craig is looking into making the change. Craig, let us know if anything needs clarifying or you need more info.
Assignee: nobody → craigcook.bugz
|
||
Comment 9•12 years ago
|
||
(In reply to Mike Alexis [:malexis] from comment #8) > (In reply to Chris More [:cmore] from comment #4) > > Should be an easily change here: > > > > http://viewvc.svn.mozilla.org/vc/projects/mozilla.com/trunk/en-US/products/ > > download.html?view=markup > > > > Line 316. Change from http to https > > Craig is looking into making the change. > > Craig, let us know if anything needs clarifying or you need more info. There is a dozen more occurences of download.mozilla.org on the php site: js/mozilla-language-search.js 219: var href = 'http://download.mozilla.org/?product=firefox-' + this.version + js/download.old.js 155: return "http://download.mozilla.org/?product="; 159:// The optional boolean is used when we want to get the download.mozilla.org js/download-transition-l10n.js 102: // 2. Build download.mozilla.org URL out of those vars. 103: download_url = "http://download.mozilla.org/?product="; 127: // 5. automatically start the download of the file at the constructed download.mozilla.org URL js/download.js 138: // local page instead of the download.mozilla.org hostname. 144: if (temp[0].indexOf('http://download.mozilla.org') == 0) { en-US/firefox/unsupported-systems.html 48: // Build download.mozilla.org URL out of those vars. 49: download_url = "http://download.mozilla.org/?product="; en-US/products/download.html 144: // This will make all links go directly to download.mozilla.org 166: // This will make all links go directly to download.mozilla.org 315: // 2. Build download.mozilla.org URL out of those vars. 316: download_url = "http://download.mozilla.org/?product="; includes/l10n/download-transition-pages.inc.php 28:$dl_link = "http://download.mozilla.org/?product={$dl_product}&os={$dl_os}&lang={$dl_lang}"; includes/l10n/libs/class.download.php 243: $_extra_link_attr .= 'onclick="javascript:init_download(\''."http://download.mozilla.org/?product={$_product}-{$_current_version}&os={$_os_shortname}&lang={$locale}".'\');"'; includes/l10n/download-transition-pages-newbranding.inc.php 30:$dl_link = "http://download.mozilla.org/?product={$dl_product}&os={$dl_os}&lang={$dl_lang}";
|
Assignee | |
Comment 10•12 years ago
|
||
Links updated in r109624
|
|
Assignee | |
Updated•12 years ago
|
Whiteboard: u=dev c=downloads p=3 → u=dev c=downloads p=3 r=109624
|
||
Comment 11•12 years ago
|
||
Commits pushed to master at https://github.com/mozilla/bedrock https://github.com/mozilla/bedrock/commit/d1f6f38a4e8e20e6839ea9ff8185eeb6fe38969c Bug 796057 - switch download links to https https://github.com/mozilla/bedrock/commit/f30a294f2c29d76122c4818f0e88d49a5210316a Merge pull request #398 from craigcook/master Bug 796057 - switch download links to https
|
|
Assignee | |
Comment 12•12 years ago
|
||
Bedrock has been pushed to production. PHP changes merged to tags/production in r109657 so it should be updated within a few minutes.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
|
||
Comment 13•12 years ago
|
||
Prod push was reverted in r109658 due to a bad merge, will resolve once it's merged again.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
|
|
||
Comment 14•12 years ago
|
||
Committed to tags/production in r109663.
Status: REOPENED → RESOLVED
Closed: 12 years ago → 12 years ago
Resolution: --- → FIXED
|
|
||
Comment 15•12 years ago
|
||
Committed small fixes to stage in r109667 and prod in r109668 to remove some Aurora-tweet-promo text that accidentally got included in the merge.
You need to log in
before you can comment on or make changes to this bug.
Description
•