Closed Bug 840678 Opened 11 years ago Closed 11 years ago

Use HTTPS instead of HTTP for input.mozilla.org submissions

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Firefox 22

People

(Reporter: briansmith, Assigned: raymondlee)

References

Details

(Keywords: privacy)

Attachments

(1 file, 4 obsolete files)

Patch for check-in
931 bytes, patch
Details | Diff | Splinter Review 
+++ This bug was initially created as a clone of Bug #771788 +++

Steps to reproduce:

Go to about:config
Search for : http://


Actual results:

[...]
extensions.input.brokenURL;http://input.mozilla.com/feedback#broken
extensions.input.happyURL;http://input.mozilla.com/happy
extensions.input.ideaURL;http://input.mozilla.com/feedback#idea
extensions.input.sadURL;http://input.mozilla.com/sad
[...]

Expected results:

The secure HTTPS protocol should have been used, not the insecure HTTP protocol.
I don't understand this bug. Doesn't seem like anything we can fix in the input.mozilla.org site. Shouldn't this be a Firefox bug and not an Input bug? Or am I missing something?
This is, indeed, a Firefox bug. This component is for the Input Server Software.
Component: Submission → General
Product: Input → Firefox
Will, James, do you object to Firefox changing the URLs to "https://"? Could you verify that https://input.mozilla.org will work OK?
(In reply to Brian Smith (:bsmith) from comment #3)
> Will, James, do you object to Firefox changing the URLs to "https://"? Could
> you verify that https://input.mozilla.org will work OK?

It works great. In fact, I was surprised that http:// doesn't redirect and we don't send HSTS headers.
Brian, Android has a different set of URLs (starting with m.). I didn't see a blocker to bug 771788 specifically for Android.
Attached patch v1 (obsolete) — Splinter Review 
http://mxr.mozilla.org/mozilla-central/search?string=input.mozilla.com

I see there some places in the following directories which use HTTP instead of HTTPS.  Should we update them as well?
/b2g/app/
/mobile/android/app/profile/extensions/feedback@mobile.mozilla.org/
/mobile/xul/app/
Attachment #720518 - Flags: review?(gavin.sharp)
Flags: needinfo?
Attached patch v2 (obsolete) — Splinter Review 
Since they are all simple changes, I have just updated b2 and mobile directories
Attachment #720521 - Flags: review?(gavin.sharp)
Flags: needinfo?
Attachment #720518 - Attachment is obsolete: true
Attachment #720518 - Flags: review?(gavin.sharp)
While we're at it, it looks like input.mozilla._org_ is the canonical URL, so we should probably also switch to that.
Attached patch v3 (obsolete) — Splinter Review 
Use https and mozilla.org
Attachment #720552 - Flags: review?(gavin.sharp)
Attachment #720521 - Attachment is obsolete: true
Attachment #720521 - Flags: review?(gavin.sharp)
Assignee: nobody → raymond
Status: NEW → ASSIGNED
I've never seen any indication there's handling for #broken. I think that doesn't exist. We probably should take out the brokenURL thing.
(In reply to Will Kahn-Greene [:willkg] from comment #11)
> I've never seen any indication there's handling for #broken. I think that
> doesn't exist. We probably should take out the brokenURL thing.

This preference is being used by testpilot.

http://mxr.mozilla.org/mozilla-central/source/browser/app/profile/extensions/testpilot@labs.mozilla.com/modules/feedback.js#35

Jono: Do you know more about that? Can we remove that?
Flags: needinfo?(jono)
If you go to the above #broken url, you just end up on the feedback form (the #broken part doesn't do anything). So it "works", but doesn't do anything in particular unless metrics is tracking it somehow outside of Input.

One other thing is that we're in the process of getting the new Input to production and it should be there this month. End of March at the latest. At that point, all these urls are going to need to change again.

I'd hold off on making url changes until the new Input is in production.
We're also re-writing testpilot (bug 840108) and removing some of the "input" pieces from it (bug 841437). So for the moment we should probably just not touch that code.

It looks to me though that app.feedbackURL is a remnant from mobile XUL's about page that got copied to b2g/metro but isn't used there. So perhaps we can just remove it? 

We may want to avoid touching mobile/ in this bug too (and perhaps file a followup on them), so maybe this bug should just cover making the utilityOverlay change.
Flags: needinfo?(jono)
Depends on: 847784
Depends on: 847786
Depends on: 847788
Depends on: 847789
Attached patch v4 (obsolete) — Splinter Review 
(In reply to :Gavin Sharp (use gavin@gavinsharp.com for email) from comment #14)
> We're also re-writing testpilot (bug 840108) and removing some of the
> "input" pieces from it (bug 841437). So for the moment we should probably
> just not touch that code.
> 
> It looks to me though that app.feedbackURL is a remnant from mobile XUL's
> about page that got copied to b2g/metro but isn't used there. So perhaps we
> can just remove it? 

Filed bug 847784 and bug 847786

> 
> We may want to avoid touching mobile/ in this bug too (and perhaps file a
> followup on them), 

Filed bug 847788 and bug 847789

> so maybe this bug should just cover making the
> utilityOverlay change.

The patch only contains the utilityOverlay change.
Attachment #720552 - Attachment is obsolete: true
Attachment #720552 - Flags: review?(gavin.sharp)
Attachment #721058 - Flags: review?(gavin.sharp)
Attachment #721058 - Flags: review?(gavin.sharp) → review+

        Attachment #721058 -
        Attachment is obsolete: true

    
  
Keywords: checkin-needed

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/2a84cfaf3a6a
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 22

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: