Closed Bug 958874 Opened 10 years ago Closed 9 years ago

Use HTTPS for Bing search

Categories

(Firefox :: Search, enhancement)

enhancement
Not set
normal

Tracking

()

RESOLVED FIXED
Firefox 38
Tracking Status
firefox36 --- wontfix
firefox37 + fixed
firefox38 --- fixed
relnote-firefox --- 37+

People

(Reporter: briansmith, Assigned: mconnor)

References

()

Details

(Keywords: privacy)

Attachments

(1 file, 2 obsolete files)

+++ This bug was initially created as a clone of Bug #958873 +++

Bug 958873 has a patch to use HTTPS for Bing. However, https://api.bing.com is not working yet, so I didn't switch search suggestions. We should ask Bing how we can get HTTPS search suggestions working.
See Also: → 958873
The https://bing.com web page uses this for search suggestions:

https://www.bing.com/AS/Suggestions?qry=testing&cvid=<redacted>

I am not sure what cvid is but I'm guessing it is probably an API key. Do we have a Bing API key?
Kev worked on this in bug 603298.

Kev, could you please ask Bing about how we can get search suggestions for Bing in our search box using HTTPS? See also bug 958873, which is about switching over to HTTPS for Bing.

Note that Bing just added HTTPS support today.
Flags: needinfo?(kev)
Keywords: privacy
Kev doesn't really deal with this stuff anymore.  I'll follow up.
Flags: needinfo?(kev) → needinfo?(mconnor)
(In reply to Mike Connor [:mconnor] from comment #3)
> Kev doesn't really deal with this stuff anymore.  I'll follow up.

I will forward you the email discussion. jnagel is contacting partners, IIUC.
See Also: → 959835
tl;dr This isn't ready to fly yet, but we'll sort out a timeline ASAP.  Bing is still calling this an experiment rather than committing to it at scale.
Flags: needinfo?(mconnor)
*poke*

Has any firefox dev gotten into this since the last comments?
It's an ongoing conversation with Bing.  When they're ready (in both a product and infrastructure sense) we'll land the right pieces.  As-is, they're not ready.
Blocks: 1049108
:mconnor, do you still have a contact at Microsoft who is responsible for this?  Can we ask what their plans are?  It's been a little while.

Note: bug 1054088 has made B2G customizations default to https.  I want to make sure that B2G isn't missed when this finally gets sorted out.
See Also: → 1054088
Flags: needinfo?(mconnor)
I've been actively poking them over the last couple of weeks, the Bing/Akamai cert issue is still the blocker. No ETA yet.
Flags: needinfo?(mconnor)
Looks like timing will be later in September ( \o/ ), if all goes well. Exact date for implementation to be discussed as we gain more confidence that Bing can meet their target set out. Lining everything else up in the meantime. 

Martin - for B2G, you will need to get specific go-ahead from Mike and/or Joanne to ensure B2G traffic can pass through there (from an expectations point of view). We have go-ahead for 'mobile only', but this was probably crouched in the context of Firefox for Android only. I don't want to spring any surprises on them.
Attached patch bingMobile (obsolete) — Splinter Review
Waiting on confirmation that this'll scale for desktop, but we're ready on mobile.  Finkle?
Assignee: nobody → mconnor
Status: NEW → ASSIGNED
Attachment #8489664 - Flags: review?(mark.finkle)
Comment on attachment 8489664 [details] [diff] [review]
bingMobile

>diff --git a/mobile/locales/en-US/searchplugins/bing.xml b/mobile/locales/en-US/searchplugins/bing.xml

>-  <Param name="form" value="OSDJAS"/>

I assume this was intentional
Attachment #8489664 - Flags: review?(mark.finkle) → review+
Summary: Use HTTPS for Bing search suggestions → Use HTTPS for Bing search
mconnor, can you land the patch here? Or file a separate Firefox for Android bug and land it there?
Flags: needinfo?(mconnor)
Depends on: 1104841
(In reply to :Margaret Leibovic from comment #14)
> mconnor, can you land the patch here? Or file a separate Firefox for Android
> bug and land it there?

I just filed bug 1104841. I'll land the Fennec patch there.
Flags: needinfo?(mconnor)
Attachment #8489664 - Attachment is obsolete: true
mconnor: HTTPS Bing landed in Firefox (35) for Android in bug 1104841. Any news on when we can switch to HTTPS Bing on desktop Firefox?
Flags: needinfo?(mconnor)
Looking like Q1.  Just a matter of confidence in their SSL infra handling the load.
Flags: needinfo?(mconnor)
Attached patch bingSSLDesktop (obsolete) — Splinter Review
We're clear to land this, finally.
Attachment #8558083 - Flags: review?(gavin.sharp)
Attached patch bingSSLDesktopSplinter Review
with tests updated (I think, don't have a built tree here and it's 1 AM)
Attachment #8558083 - Attachment is obsolete: true
Attachment #8558083 - Flags: review?(gavin.sharp)
Attachment #8558338 - Flags: review?(gavin.sharp)
Attachment #8558338 - Flags: review?(gavin.sharp) → review+
https://hg.mozilla.org/mozilla-central/rev/23ff20090ba9
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 38
Comment on attachment 8558338 [details] [diff] [review]
bingSSLDesktop

Approval Request Comment
[Feature/regressing bug #]:
[User impact if declined]: non-private searches for Bing users worldwide
[Describe test coverage new/current, TreeHerder]: Has test coverage for correctness of URLs across multiple access points
[Risks and why]: very minimal, given test coverage.
[String/UUID change made/needed]: n/a

Aurora only, since Bing is still watching this infrastructure, but I'd like to see it hit 37 Beta when we merge.
Attachment #8558338 - Flags: approval-mozilla-aurora?
Release Note Request (optional, but appreciated)
[Why is this notable]: Secure searches for Bing.
[Suggested wording]: New: Bing search now uses HTTPS for secure searching 
[Links (documentation, blog post, etc)]:
Comment on attachment 8558338 [details] [diff] [review]
bingSSLDesktop

This change looks pretty safe. I don't see the need to wait until 38 to make this change. Let's work out any issues with Bing in the 37 cycle. Aurora+
Attachment #8558338 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Tracking 37 as this is notable and I want to be alerted if the bug is reopened for any reason.
relnoted as "New: Bing search now uses HTTPS for secure searching".
You need to log in before you can comment on or make changes to this bug.