Closed Bug 840687 Opened 8 years ago Closed 8 years ago

Use HTTPS instead of HTTP for in-product documentation URLs

Categories

(Firefox Graveyard :: Help Documentation, defect)

defect
Not set
normal

Tracking

(Not tracked)

VERIFIED FIXED
Firefox 22

People

(Reporter: briansmith, Assigned: raymondlee)

References

Details

(Keywords: meta)

Attachments

(1 file, 1 obsolete file)

+++ This bug was initially created as a clone of Bug #771788 +++

Got to about:config and search for "http://"

app.releaseNotesURL;http://www.mozilla.com/%LOCALE%/%APP%/%VERSION%/releasenotes/
app.support.baseURL;http://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
app.update.url.details;http://www.mozilla.com/%LOCALE%/%APP%/releases/
app.update.url.manual;http://www.firefox.com
app.vendorURL;http://www.mozilla.com/%LOCALE%/%APP%/
[...]
browser.geolocation.warning.infoURL;http://www.mozilla.com/%LOCALE%/firefox/geolocation/
datareporting.healthreport.infoURL;http://www.mozilla.org/legal/privacy/firefox.html#health-report
toolkit.crashreporter.infoURL;http://www.mozilla.com/legal/privacy/firefox.html#crash-reporter
toolkit.telemetry.infoURL;http://www.mozilla.com/legal/privacy/firefox.html#telemetry

On 'app.update.url.manual;http://www.firefox.com' suffix a slash at the end to make it FQDN.

Most or all of these can be "fixed" simply by replacing "http://" with "https://" as the various websites already support HTTPS.
These bugs are probably best filed per-host. support.mozilla.org link changes require sign-off from different people than mozilla.com links. I think mozilla.com/org can probably just be changed wholesale.
(In reply to :Gavin Sharp (use gavin@gavinsharp.com for email) from comment #1)
> These bugs are probably best filed per-host. support.mozilla.org link
> changes require sign-off from different people than mozilla.com links. I
> think mozilla.com/org can probably just be changed wholesale.

support.mozilla.org in particular is not really designed to have all traffic come over HTTPS right now. I don't think it would cause the site to fall over, but there are changes we would really rather make before Firefox changed to HTTPS-only.

With any site, including mozilla.com/org, please CC or otherwise confirm with relevant webdev and ops that the infrastructure will support the increase in HTTPS traffic.
(In reply to James Socol [:jsocol, :james] from comment #2)
> With any site, including mozilla.com/org, please CC or otherwise confirm
> with relevant webdev and ops that the infrastructure will support the
> increase in HTTPS traffic.

Thanks. I filed separate bugs for support.mozilla.org and for the Help|About link at firefox.com. All of these bugs are blocking bug 771788, and I will send out a pointer to bug 771788 to dev-webdev.
Attached patch v1 (obsolete) — Splinter Review
(In reply to Brian Smith (:bsmith) from comment #0)
> [...]
> browser.geolocation.warning.infoURL;http://www.mozilla.com/%LOCALE%/firefox/
> geolocation/

I will file some followups for b2, metro and mobile/android as they don't seem to use that preference, and a followup for mobile/xul to update it to use HTTPS

> datareporting.healthreport.infoURL;http://www.mozilla.org/legal/privacy/
> firefox.html#health-report

Updated

> toolkit.crashreporter.infoURL;http://www.mozilla.com/legal/privacy/firefox.
> html#crash-reporter

Updated

> toolkit.telemetry.infoURL;http://www.mozilla.com/legal/privacy/firefox.
> html#telemetry
> 

Updated
Attachment #721093 - Flags: review?(gavin.sharp)
Depends on: 847811
Depends on: 847812
Depends on: 847814
Depends on: 847816
Assignee: nobody → raymond
Status: NEW → ASSIGNED
Comment on attachment 721093 [details] [diff] [review]
v1

>diff --git a/browser/app/profile/firefox.js b/browser/app/profile/firefox.js

>-pref("browser.geolocation.warning.infoURL", "http://www.mozilla.com/%LOCALE%/firefox/geolocation/");
>+pref("browser.geolocation.warning.infoURL", "https://www.mozilla.org/%LOCALE%/firefox/geolocation/");

Seems like we need to decide whether we should use %LOCALE% for mozilla.org links. Relying on the server-side detection may be better than explicitly choosing a locale on the client. But I guess we don't need to sort that out now.

> pref("toolkit.crashreporter.infoURL",
>-     "http://www.mozilla.com/legal/privacy/firefox.html#crash-reporter");
>+     "https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter");

Looks like the anchor portion of this link is broken. I guess we should file a Websites::www.mozilla.org website bug about that.
Attachment #721093 - Flags: review?(gavin.sharp) → review+
(In reply to :Gavin Sharp (use gavin@gavinsharp.com for email) from comment #5)
> Comment on attachment 721093 [details] [diff] [review]
> v1
> 
> >diff --git a/browser/app/profile/firefox.js b/browser/app/profile/firefox.js
> 
> >-pref("browser.geolocation.warning.infoURL", "http://www.mozilla.com/%LOCALE%/firefox/geolocation/");
> >+pref("browser.geolocation.warning.infoURL", "https://www.mozilla.org/%LOCALE%/firefox/geolocation/");
> 
> Seems like we need to decide whether we should use %LOCALE% for mozilla.org
> links. Relying on the server-side detection may be better than explicitly
> choosing a locale on the client. But I guess we don't need to sort that out
> now.
> 

OK, leave it as it is.

> > pref("toolkit.crashreporter.infoURL",
> >-     "http://www.mozilla.com/legal/privacy/firefox.html#crash-reporter");
> >+     "https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter");
> 
> Looks like the anchor portion of this link is broken. I guess we should file
> a Websites::www.mozilla.org website bug about that.

Filed bug 855179
Attachment #721093 - Attachment is obsolete: true
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/00112a2ac923
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 22
Verified fixed on Windows 7 64bit, Ubuntu 13.10 and Mac OSX 10.8.5 using latest Nightly 34.0a1.
Status: RESOLVED → VERIFIED
Product: Firefox → Firefox Graveyard
You need to log in before you can comment on or make changes to this bug.