840687 - Use HTTPS instead of HTTP for in-product documentation URLs

Status: VERIFIED FIXED

(Firefox Graveyard :: Help Documentation, defect)

Description

[Brian Smith (:briansmith, :bsmith, use NEEDINFO?)]

+++ This bug was initially created as a clone of Bug #771788 +++

Got to about:config and search for "http://"

app.releaseNotesURL;http://www.mozilla.com/%LOCALE%/%APP%/%VERSION%/releasenotes/
app.support.baseURL;http://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
app.update.url.details;http://www.mozilla.com/%LOCALE%/%APP%/releases/
app.update.url.manual;http://www.firefox.com
app.vendorURL;http://www.mozilla.com/%LOCALE%/%APP%/
[...]
browser.geolocation.warning.infoURL;http://www.mozilla.com/%LOCALE%/firefox/geolocation/
datareporting.healthreport.infoURL;http://www.mozilla.org/legal/privacy/firefox.html#health-report
toolkit.crashreporter.infoURL;http://www.mozilla.com/legal/privacy/firefox.html#crash-reporter
toolkit.telemetry.infoURL;http://www.mozilla.com/legal/privacy/firefox.html#telemetry

On 'app.update.url.manual;http://www.firefox.com' suffix a slash at the end to make it FQDN.

Most or all of these can be "fixed" simply by replacing "http://" with "https://" as the various websites already support HTTPS.

Comment 1

[:Gavin Sharp [email: gavin@gavinsharp.com]]

These bugs are probably best filed per-host. support.mozilla.org link changes require sign-off from different people than mozilla.com links. I think mozilla.com/org can probably just be changed wholesale.

Comment 2

[James Socol [:jsocol, :james]]

(In reply to :Gavin Sharp (use gavin@gavinsharp.com for email) from comment #1)
> These bugs are probably best filed per-host. support.mozilla.org link
> changes require sign-off from different people than mozilla.com links. I
> think mozilla.com/org can probably just be changed wholesale.

support.mozilla.org in particular is not really designed to have all traffic come over HTTPS right now. I don't think it would cause the site to fall over, but there are changes we would really rather make before Firefox changed to HTTPS-only.

With any site, including mozilla.com/org, please CC or otherwise confirm with relevant webdev and ops that the infrastructure will support the increase in HTTPS traffic.

Comment 3

[Brian Smith (:briansmith, :bsmith, use NEEDINFO?)]

(In reply to James Socol [:jsocol, :james] from comment #2)
> With any site, including mozilla.com/org, please CC or otherwise confirm
> with relevant webdev and ops that the infrastructure will support the
> increase in HTTPS traffic.

Thanks. I filed separate bugs for support.mozilla.org and for the Help|About link at firefox.com. All of these bugs are blocking bug 771788, and I will send out a pointer to bug 771788 to dev-webdev.

Comment 4

[Raymond Lee [:raymondlee]]

Attachment: v1

(In reply to Brian Smith (:bsmith) from comment #0)
> [...]
> browser.geolocation.warning.infoURL;http://www.mozilla.com/%LOCALE%/firefox/
> geolocation/

I will file some followups for b2, metro and mobile/android as they don't seem to use that preference, and a followup for mobile/xul to update it to use HTTPS

> datareporting.healthreport.infoURL;http://www.mozilla.org/legal/privacy/
> firefox.html#health-report

Updated

> toolkit.crashreporter.infoURL;http://www.mozilla.com/legal/privacy/firefox.
> html#crash-reporter

Updated

> toolkit.telemetry.infoURL;http://www.mozilla.com/legal/privacy/firefox.
> html#telemetry
> 

Updated

Comment 5

[:Gavin Sharp [email: gavin@gavinsharp.com]]

Comment on attachment 721093 [details] [diff] [review]
v1

>diff --git a/browser/app/profile/firefox.js b/browser/app/profile/firefox.js

>-pref("browser.geolocation.warning.infoURL", "http://www.mozilla.com/%LOCALE%/firefox/geolocation/");
>+pref("browser.geolocation.warning.infoURL", "https://www.mozilla.org/%LOCALE%/firefox/geolocation/");

Seems like we need to decide whether we should use %LOCALE% for mozilla.org links. Relying on the server-side detection may be better than explicitly choosing a locale on the client. But I guess we don't need to sort that out now.

> pref("toolkit.crashreporter.infoURL",
>-     "http://www.mozilla.com/legal/privacy/firefox.html#crash-reporter");
>+     "https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter");

Looks like the anchor portion of this link is broken. I guess we should file a Websites::www.mozilla.org website bug about that.

Comment 6

[Raymond Lee [:raymondlee]]

Attachment: Patch for check-in

(In reply to :Gavin Sharp (use gavin@gavinsharp.com for email) from comment #5)
> Comment on attachment 721093 [details] [diff] [review]
> v1
> 
> >diff --git a/browser/app/profile/firefox.js b/browser/app/profile/firefox.js
> 
> >-pref("browser.geolocation.warning.infoURL", "http://www.mozilla.com/%LOCALE%/firefox/geolocation/");
> >+pref("browser.geolocation.warning.infoURL", "https://www.mozilla.org/%LOCALE%/firefox/geolocation/");
> 
> Seems like we need to decide whether we should use %LOCALE% for mozilla.org
> links. Relying on the server-side detection may be better than explicitly
> choosing a locale on the client. But I guess we don't need to sort that out
> now.
> 

OK, leave it as it is.

> > pref("toolkit.crashreporter.infoURL",
> >-     "http://www.mozilla.com/legal/privacy/firefox.html#crash-reporter");
> >+     "https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter");
> 
> Looks like the anchor portion of this link is broken. I guess we should file
> a Websites::www.mozilla.org website bug about that.

Filed bug 855179

Comment 7

[Ryan VanderMeulen [:RyanVM]]

https://hg.mozilla.org/integration/mozilla-inbound/rev/00112a2ac923

Comment 8

[Ryan VanderMeulen [:RyanVM]]

https://hg.mozilla.org/mozilla-central/rev/00112a2ac923

Comment 9

[Camelia Badau [:cbadau], Desktop QA]

Verified fixed on Windows 7 64bit, Ubuntu 13.10 and Mac OSX 10.8.5 using latest Nightly 34.0a1.