Closed Bug 958874 Opened 6 years ago Closed 5 years ago
Use HTTPS for Bing search
+++ This bug was initially created as a clone of Bug #958873 +++ Bug 958873 has a patch to use HTTPS for Bing. However, https://api.bing.com is not working yet, so I didn't switch search suggestions. We should ask Bing how we can get HTTPS search suggestions working.
The https://bing.com web page uses this for search suggestions: https://www.bing.com/AS/Suggestions?qry=testing&cvid=<redacted> I am not sure what cvid is but I'm guessing it is probably an API key. Do we have a Bing API key?
Kev worked on this in bug 603298. Kev, could you please ask Bing about how we can get search suggestions for Bing in our search box using HTTPS? See also bug 958873, which is about switching over to HTTPS for Bing. Note that Bing just added HTTPS support today.
Kev doesn't really deal with this stuff anymore. I'll follow up.
Flags: needinfo?(kev) → needinfo?(mconnor)
(In reply to Mike Connor [:mconnor] from comment #3) > Kev doesn't really deal with this stuff anymore. I'll follow up. I will forward you the email discussion. jnagel is contacting partners, IIUC.
tl;dr This isn't ready to fly yet, but we'll sort out a timeline ASAP. Bing is still calling this an experiment rather than committing to it at scale.
*poke* Has any firefox dev gotten into this since the last comments?
It's an ongoing conversation with Bing. When they're ready (in both a product and infrastructure sense) we'll land the right pieces. As-is, they're not ready.
:mconnor, do you still have a contact at Microsoft who is responsible for this? Can we ask what their plans are? It's been a little while. Note: bug 1054088 has made B2G customizations default to https. I want to make sure that B2G isn't missed when this finally gets sorted out.
See Also: → 1054088
I've been actively poking them over the last couple of weeks, the Bing/Akamai cert issue is still the blocker. No ETA yet.
Looks like timing will be later in September ( \o/ ), if all goes well. Exact date for implementation to be discussed as we gain more confidence that Bing can meet their target set out. Lining everything else up in the meantime. Martin - for B2G, you will need to get specific go-ahead from Mike and/or Joanne to ensure B2G traffic can pass through there (from an expectations point of view). We have go-ahead for 'mobile only', but this was probably crouched in the context of Firefox for Android only. I don't want to spring any surprises on them.
Waiting on confirmation that this'll scale for desktop, but we're ready on mobile. Finkle?
Assignee: nobody → mconnor
Status: NEW → ASSIGNED
Attachment #8489664 - Flags: review?(mark.finkle)
Comment on attachment 8489664 [details] [diff] [review] bingMobile >diff --git a/mobile/locales/en-US/searchplugins/bing.xml b/mobile/locales/en-US/searchplugins/bing.xml >- <Param name="form" value="OSDJAS"/> I assume this was intentional
Attachment #8489664 - Flags: review?(mark.finkle) → review+
See Also: 958873 →
Duplicate of this bug: 958873
Summary: Use HTTPS for Bing search suggestions → Use HTTPS for Bing search
mconnor, can you land the patch here? Or file a separate Firefox for Android bug and land it there?
(In reply to :Margaret Leibovic from comment #14) > mconnor, can you land the patch here? Or file a separate Firefox for Android > bug and land it there? I just filed bug 1104841. I'll land the Fennec patch there.
mconnor: HTTPS Bing landed in Firefox (35) for Android in bug 1104841. Any news on when we can switch to HTTPS Bing on desktop Firefox?
Looking like Q1. Just a matter of confidence in their SSL infra handling the load.
We're clear to land this, finally.
with tests updated (I think, don't have a built tree here and it's 1 AM)
Attachment #8558338 - Flags: review?(gavin.sharp) → review+
Comment on attachment 8558338 [details] [diff] [review] bingSSLDesktop Approval Request Comment [Feature/regressing bug #]: [User impact if declined]: non-private searches for Bing users worldwide [Describe test coverage new/current, TreeHerder]: Has test coverage for correctness of URLs across multiple access points [Risks and why]: very minimal, given test coverage. [String/UUID change made/needed]: n/a Aurora only, since Bing is still watching this infrastructure, but I'd like to see it hit 37 Beta when we merge.
Attachment #8558338 - Flags: approval-mozilla-aurora?
Release Note Request (optional, but appreciated) [Why is this notable]: Secure searches for Bing. [Suggested wording]: New: Bing search now uses HTTPS for secure searching [Links (documentation, blog post, etc)]:
Comment on attachment 8558338 [details] [diff] [review] bingSSLDesktop This change looks pretty safe. I don't see the need to wait until 38 to make this change. Let's work out any issues with Bing in the 37 cycle. Aurora+
Attachment #8558338 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Tracking 37 as this is notable and I want to be alerted if the bug is reopened for any reason.
You need to log in before you can comment on or make changes to this bug.