Closed
Bug 896211
Opened 11 years ago
Closed 11 years ago
browser.mixedcontent.warning.infoURL should use SSL
Categories
(Firefox :: Security, defect)
Firefox
Security
Tracking
()
VERIFIED
FIXED
Firefox 26
People
(Reporter: sjw+bugzilla, Assigned: ananuti)
References
(Blocks 1 open bug)
Details
Attachments
(1 file, 3 obsolete files)
2.39 KB,
patch
|
ananuti
:
review+
|
Details | Diff | Splinter Review |
The value of browser.mixedcontent.warning.infoURL (Learn More) is http://support.mozilla.org/1/%APP%/%VERSION%/%OS%/%LOCALE%/mixed-content/ It should be https://support.mozilla.org/1/%APP%/%VERSION%/%OS%/%LOCALE%/mixed-content/ (Use https)
Blocks: MixedContentBlocker
Summary: warning info URL → warning info URL should use SSL
Updated•11 years ago
|
Summary: warning info URL should use SSL → browser.mixedcontent.warning.infoURL should use SSL
Assignee | ||
Comment 1•11 years ago
|
||
Assignee: nobody → ananuti
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Attachment #778937 -
Flags: review?(gavin.sharp)
Comment on attachment 778937 [details] [diff] [review] patch Wow, thats fast :) > pref("browser.geolocation.warning.infoURL", "https://www.mozilla.org/%LOCALE%/firefox/geolocation/"); For what is this Line?
Comment 3•11 years ago
|
||
Comment on attachment 778937 [details] [diff] [review] patch This looks good, but this link should really be relative to app.support.baseURL, rather than in its own pref. Do you want to fix that instead?
Assignee | ||
Comment 4•11 years ago
|
||
Attachment #778937 -
Attachment is obsolete: true
Attachment #778937 -
Flags: review?(gavin.sharp)
Attachment #779019 -
Flags: review?(gavin.sharp)
Updated•11 years ago
|
Attachment #779019 -
Flags: review?(gavin.sharp) → review?(jaws)
Updated•11 years ago
|
Attachment #779019 -
Flags: review?(jaws) → review?(mconley)
Comment 5•11 years ago
|
||
I think this patch should use openHelpLink though I haven't tested it.
Comment 6•11 years ago
|
||
Comment on attachment 779019 [details] [diff] [review] patch, v2 (In reply to Jared Wein [:jaws] (Vacation 8/1 to 8/4) from comment #5) > I think this patch should use openHelpLink though I haven't tested it. There are a number of places where we don't use openHelpLink - and it's usually for stuff like this (dynamically populated / initted UI). I think we're OK to still do this - but feel free to file a follow-up bug if you think this is a real issue. Anyhow, this patch looks good to me. Thanks Ekanan!
Attachment #779019 -
Flags: review?(mconley) → review+
Comment 7•11 years ago
|
||
(In reply to Mike Conley (:mconley) from comment #6) > There are a number of places where we don't use openHelpLink - and it's > usually for stuff like this (dynamically populated / initted UI) We should be able to just set the onclick attribute on the link, rather than setting href? I.e. helplink.setAttribute("onclick", "openHelpLink('mixed-content');"); or somesuch
Comment 8•11 years ago
|
||
(In reply to :Gavin Sharp (use gavin@gavinsharp.com for email) from comment #7) > (In reply to Mike Conley (:mconley) from comment #6) > > There are a number of places where we don't use openHelpLink - and it's > > usually for stuff like this (dynamically populated / initted UI) > > We should be able to just set the onclick attribute on the link, rather than > setting href? > > I.e. helplink.setAttribute("onclick", "openHelpLink('mixed-content');"); or > somesuch Yeah, I'd be fine with that too. Either that, or blanket conversion of all such instances in a separate bug (since this bug was just about switching the link to HTTPS). Ekanan - how do you feel about spinning up a new patch with Gavin's suggestion?
Flags: needinfo?(ananuti)
Assignee | ||
Comment 9•11 years ago
|
||
Updated the patch to use openHelpLink.
Attachment #785297 -
Flags: review?(mconley)
Flags: needinfo?(ananuti)
Comment 10•11 years ago
|
||
Comment on attachment 785297 [details] [diff] [review] patch, v3 Review of attachment 785297 [details] [diff] [review]: ----------------------------------------------------------------- So sorry for the delay! This looks good to me.
Attachment #785297 -
Flags: review?(mconley) → review+
Assignee | ||
Comment 11•11 years ago
|
||
carrying over r=mconley
Attachment #779019 -
Attachment is obsolete: true
Attachment #785297 -
Attachment is obsolete: true
Attachment #791909 -
Flags: review+
Assignee | ||
Updated•11 years ago
|
Keywords: checkin-needed
Comment 12•11 years ago
|
||
https://hg.mozilla.org/integration/fx-team/rev/cf667c298f00
Keywords: checkin-needed
Whiteboard: [fixed-in-fx-team]
Comment 13•11 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/cf667c298f00
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Whiteboard: [fixed-in-fx-team]
Target Milestone: --- → Firefox 26
Comment 14•11 years ago
|
||
I confirm the fix is verified on Latest Nightly 26. Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 browser.geolocation.warning.infoURL pref is using https as mentioned in Comment 0. https://www.mozilla.org/%LOCALE%/firefox/geolocation/
Status: RESOLVED → VERIFIED
Keywords: verifyme
You need to log in
before you can comment on or make changes to this bug.
Description
•