Closed Bug 896211 Opened 11 years ago Closed 11 years ago

browser.mixedcontent.warning.infoURL should use SSL

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED FIXED
Milestone:
Firefox 26

People

(Reporter: sjw+bugzilla, Assigned: ananuti)

References

(Blocks 1 open bug)

Details

Attachments

(1 file, 3 obsolete files)

unbitrotted c8c9bd74cc40
2.39 KB, patch
ananuti
: review+
Details | Diff | Splinter Review 
The value of browser.mixedcontent.warning.infoURL (Learn More) is http://support.mozilla.org/1/%APP%/%VERSION%/%OS%/%LOCALE%/mixed-content/

It should be https://support.mozilla.org/1/%APP%/%VERSION%/%OS%/%LOCALE%/mixed-content/ (Use https)
Blocks: MixedContentBlocker
Summary: warning info URL → warning info URL should use SSL
Summary: warning info URL should use SSL → browser.mixedcontent.warning.infoURL should use SSL
Attached patch patch (obsolete) — Splinter Review 
Assignee: nobody → ananuti
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true

        Attachment #778937 -
        Flags: review?(gavin.sharp)

    
    

    
  
Comment on attachment 778937 [details] [diff] [review]
patch

Wow, thats fast :)

> pref("browser.geolocation.warning.infoURL", "https://www.mozilla.org/%LOCALE%/firefox/geolocation/");
For what is this Line?

    
    

    
  
Comment on attachment 778937 [details] [diff] [review]
patch

This looks good, but this link should really be relative to app.support.baseURL, rather than in its own pref. Do you want to fix that instead?

    
    

    
  

      
      
      
      

        Attached patch
          
          
        patch, v2 (obsolete)
        — Splinter Review
      

    


  

        Attachment #778937 -
        Attachment is obsolete: true

        Attachment #778937 -
        Flags: review?(gavin.sharp)

        Attachment #779019 -
        Flags: review?(gavin.sharp)

        Attachment #779019 -
        Flags: review?(gavin.sharp) → review?(jaws)

        Attachment #779019 -
        Flags: review?(jaws) → review?(mconley)

    
    

    
  
I think this patch should use openHelpLink though I haven't tested it.

    
    

    
  
Comment on attachment 779019 [details] [diff] [review]
patch, v2

(In reply to Jared Wein [:jaws] (Vacation 8/1 to 8/4) from comment #5)
> I think this patch should use openHelpLink though I haven't tested it.

There are a number of places where we don't use openHelpLink - and it's usually for stuff like this (dynamically populated / initted UI). I think we're OK to still do this - but feel free to file a follow-up bug if you think this is a real issue.

Anyhow, this patch looks good to me. Thanks Ekanan!

        Attachment #779019 -
        Flags: review?(mconley) → review+

    
    

    
  
(In reply to Mike Conley (:mconley) from comment #6)
> There are a number of places where we don't use openHelpLink - and it's
> usually for stuff like this (dynamically populated / initted UI)

We should be able to just set the onclick attribute on the link, rather than setting href?

I.e. helplink.setAttribute("onclick", "openHelpLink('mixed-content');"); or somesuch

    
    

    
  
(In reply to :Gavin Sharp (use gavin@gavinsharp.com for email) from comment #7)
> (In reply to Mike Conley (:mconley) from comment #6)
> > There are a number of places where we don't use openHelpLink - and it's
> > usually for stuff like this (dynamically populated / initted UI)
> 
> We should be able to just set the onclick attribute on the link, rather than
> setting href?
> 
> I.e. helplink.setAttribute("onclick", "openHelpLink('mixed-content');"); or
> somesuch

Yeah, I'd be fine with that too. Either that, or blanket conversion of all such instances in a separate bug (since this bug was just about switching the link to HTTPS).

Ekanan - how do you feel about spinning up a new patch with Gavin's suggestion?
Flags: needinfo?(ananuti)

    
    

    
  

      
      
      
      

        Attached patch
          
          
        patch, v3 (obsolete)
        — Splinter Review
      

    


  
Updated the patch to use openHelpLink.

        Attachment #785297 -
        Flags: review?(mconley)
Flags: needinfo?(ananuti)

    
    

    
  
Comment on attachment 785297 [details] [diff] [review]
patch, v3

Review of attachment 785297 [details] [diff] [review]:
-----------------------------------------------------------------

So sorry for the delay! This looks good to me.

        Attachment #785297 -
        Flags: review?(mconley) → review+

    
    

    
  


  
carrying over r=mconley

        Attachment #779019 -
        Attachment is obsolete: true

        Attachment #785297 -
        Attachment is obsolete: true

        Attachment #791909 -
        Flags: review+

    
  
Keywords: checkin-needed

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/cf667c298f00
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Whiteboard: [fixed-in-fx-team]
Target Milestone: --- → Firefox 26

    
  
Keywords: verifyme

    
    

    
  
I confirm the fix is verified on Latest Nightly 26. 

Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0

browser.geolocation.warning.infoURL pref is using https as mentioned in Comment 0.

https://www.mozilla.org/%LOCALE%/firefox/geolocation/
Status: RESOLVED → VERIFIED
Keywords: verifyme

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: