Closed Bug 847789 Opened 11 years ago Closed 11 years ago

Use HTTPS instead of HTTP for input.mozilla.org in mobile/android

Categories

(Firefox for Android Graveyard :: General, defect)

Product:
Firefox for Android Graveyard
Component:
General
Platform:
ARM
Android
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(firefox21 fixed, firefox22 verified, firefox23 verified)

Status:
VERIFIED FIXED
Milestone:
Firefox 23
Tracking Flags:
Tracking Status
firefox21 --- fixed
firefox22 --- verified
firefox23 --- verified

People

(Reporter: raymondlee, Assigned: Margaret)

References

Details

Attachments

(1 file, 1 obsolete file)

updated patch
1.40 KB, patch
mfinkle
: review+
akeybl
: approval-mozilla-aurora+
akeybl
: approval-mozilla-beta+
Details | Diff | Splinter Review 
A followup bug see bug 840678 comment 14
Blocks: 771788
Summary: Bug 847788 - Use HTTPS instead of HTTP for input.mozilla.org in mobile/andriod → Use HTTPS instead of HTTP for input.mozilla.org in mobile/andriod
OS: Mac OS X → Android
Hardware: x86 → ARM
Right now we use "https://m.input.mozilla.org/%LOCALE%/feedback" to submit a POST request, and when I tried switching this to https, I ran into this error:

E/GeckoConsole(19038): m.input.mozilla.org:443 uses an invalid security certificate.
E/GeckoConsole(19038): 
E/GeckoConsole(19038): The certificate is only valid for the following names:
E/GeckoConsole(19038):   input.mozilla.com , mobile.input.mozilla.com , mobile.input.mozilla.org , input.mozilla.org  
E/GeckoConsole(19038): 
E/GeckoConsole(19038): (Error code: ssl_error_bad_cert_domain)
E/GeckoConsole(19038): [JavaScript Error: "Error sending feedback to input.mozilla.org: " {file: "about:feedback" line: 200}]
(In reply to :Margaret Leibovic from comment #1)
> Right now we use "https://m.input.mozilla.org/%LOCALE%/feedback" to submit a
> POST request, and when I tried switching this to https, I ran into this
> error:
> 
> E/GeckoConsole(19038): m.input.mozilla.org:443 uses an invalid security
> certificate.
> E/GeckoConsole(19038): 
> E/GeckoConsole(19038): The certificate is only valid for the following names:
> E/GeckoConsole(19038):   input.mozilla.com , mobile.input.mozilla.com ,
> mobile.input.mozilla.org , input.mozilla.org  
> E/GeckoConsole(19038): 
> E/GeckoConsole(19038): (Error code: ssl_error_bad_cert_domain)
> E/GeckoConsole(19038): [JavaScript Error: "Error sending feedback to
> input.mozilla.org: " {file: "about:feedback" line: 200}]

Will: do you have any insights about this?
Flags: needinfo?(willkg)
Yup. The current input is running old code and m.input.mozilla.org has a cert for different hosts.

The new input (which will go to prod later this month) doesn't have these problems since it doesn't use multiple hosts. I spent a bunch of time making sure that Firefox for Android can post feedback. After getting the new input code to production, I was going to suggest we change the urls for Firefox for Android. I wouldn't bother changing it until then since we'll have to turn around and change it again.
Flags: needinfo?(willkg)
Attached patch patch (obsolete) — Splinter Review 
Here's the patch to make the swap, but we can wait until the new input.mozilla.org is ready to do this.
As soon as we get input to prod, I'll comment here and we can go forward with fixing urls. Sorry it's taking so long.
Margaret: I looked at attachment #721300 [details] [diff] [review]. Can you additionally change the host from "m.input.mozilla.org" to "input.mozilla.org"?

So the new url would be:

https://input.mozilla.org/%LOCALE%/feedback

This will work fine now with the new input.mozilla.org.
Margaret: Also, I have a question. How hard is it to use a different url for each channel? Can it be done automatically? Or will it need to be changed every time the trees change (or whatever the migration operation is after a release)?

The reason I ask is that we'd rather do product/channel specific urls like this:

https://input.mozilla.org/%LOCALE%/feedback/firefox.android.stable
https://input.mozilla.org/%LOCALE%/feedback/firefox.android.beta
https://input.mozilla.org/%LOCALE%/feedback/firefox.android.aurora
https://input.mozilla.org/%LOCALE%/feedback/firefox.android.nightly

or something to that effect because it captures additional information that's difficult to synthesize correctly otherwise.

Is this hard/painful?
(In reply to Will Kahn-Greene [:willkg] from comment #7)
> Margaret: Also, I have a question. How hard is it to use a different url for
> each channel? Can it be done automatically? Or will it need to be changed
> every time the trees change (or whatever the migration operation is after a
> release)?
> 
> The reason I ask is that we'd rather do product/channel specific urls like
> this:
> 
> https://input.mozilla.org/%LOCALE%/feedback/firefox.android.stable
> https://input.mozilla.org/%LOCALE%/feedback/firefox.android.beta
> https://input.mozilla.org/%LOCALE%/feedback/firefox.android.aurora
> https://input.mozilla.org/%LOCALE%/feedback/firefox.android.nightly
> 
> or something to that effect because it captures additional information
> that's difficult to synthesize correctly otherwise.
> 
> Is this hard/painful?

Why not just pass the App version and OS? We do that for blocklist pings and updates.
What exactly does "the App version and OS" look like? Can you show me some examples?
Some examples can be found in mobile.js:

AMO:
http://mxr.mozilla.org/mozilla-central/source/mobile/android/app/mobile.js#190

Blocklist pings:
http://mxr.mozilla.org/mozilla-central/source/mobile/android/app/mobile.js#208
(note this one has a lot of variables, including %CHANNEL%, which might server your purpose)

SUMO:
http://mxr.mozilla.org/mozilla-central/source/mobile/android/app/mobile.js#445

We would need to get a list of the core values of %CHANNEL%, but also know that %CHANNEL% can be changed to one-off partner values as well. You'd need a fallback. Those partner one-offs should only happen for release builds. Nightly, Aurora and Beta should be fixed to well known values.
I'm definitely game for switching the url scheme especially if it's easier to maintain--I definitely don't want to create yet-another-scheme. The scheme in comment #7 isn't used, yet--I'm just feeling things out.

The bit at the end (e.g. "firefox.android.nightly") consists of a product name and a channel. The thinking was that this would be used as a form id so we can show the correct feedback form where it was theorized that different product/channel combinations have different feedback needs.

Looking at the sample urls in comment #10, it sounds like we should switch the composition of the form id from something like:

    firefox.android.channel

to something like:

    %PRODUCT%/%CHANNEL%/

That has the information we need. We have general mobile and desktop forms already that we'll use as fallbacks when more specific options aren't available. That should cover all the bases.

Bug #857056 will cover reworking Input to use a %PRODUCT%/%CHANNEL%/ form id scheme and support those urls.


For this bug, can we change the feedback url to this?:

    https://input.mozilla.org/%LOCALE%/feedback
Attached patch updated patchSplinter Review 
I cc'd myself to bug 857056, and I can help update the URL again when that's ready.
Assignee: nobody → margaret.leibovic
Attachment #721300 - Attachment is obsolete: true
Attachment #732347 - Flags: review?(mark.finkle)
Attachment #732347 - Flags: review?(mark.finkle) → review+
https://hg.mozilla.org/integration/mozilla-inbound/rev/bae2ff5d3ca9

Will, should we uplift this change to aurora/beta?
Flags: needinfo?(willkg)
Margaret: If you could do that, you'd be my favoritest person ever!
Flags: needinfo?(willkg)
Comment on attachment 732347 [details] [diff] [review]
updated patch

[Approval Request Comment]
Bug caused by (feature/regressing bug #): n/a
User impact if declined: feedback sent over http instead of https
Testing completed (on m-c, etc.): just landed on inbound
Risk to taking this patch (and alternatives if risky): low-risk, changes url for POST request from about:feedback
String or IDL/UUID changes made by this patch: n/a
Attachment #732347 - Flags: approval-mozilla-beta?
Attachment #732347 - Flags: approval-mozilla-aurora?
Attachment #732347 - Flags: approval-mozilla-beta?
Attachment #732347 - Flags: approval-mozilla-beta+
Attachment #732347 - Flags: approval-mozilla-aurora?
Attachment #732347 - Flags: approval-mozilla-aurora+
Will - I trust input on previous versions of Firefox for Android will still function, even with the m. subdomain. Please email me if that isn't the case. 

Also adding verifyme to make sure the new URL and new input is on QA's radar for testing.
Keywords: qawanted, verifyme
Alex: Yes! We did some configuration trickery so that Firefox for Android currently works fine with the new Input. I'd be happy when we can ditch the trickery, though.
https://hg.mozilla.org/mozilla-central/rev/bae2ff5d3ca9
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 23
Keywords: verifyme
Status: RESOLVED → VERIFIED
Keywords: qawanted
status-firefox23: fixedverified
Summary: Use HTTPS instead of HTTP for input.mozilla.org in mobile/andriod → Use HTTPS instead of HTTP for input.mozilla.org in mobile/android
Verified fixed on:
Build: Firefox for Android 22 Beta 1 (2013-05-15)
Device: Samsung Galaxy Nexus
OS:Android 4.1.1
status-firefox22: fixedverified
See Also: → 985920
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: