Closed Bug 958883 Opened 10 years ago Closed 10 years ago

Use HTTPS for Yahoo searches

Categories

(Firefox :: Search, enhancement)

enhancement
Not set
normal

Tracking

()

VERIFIED FIXED
Firefox 29
Tracking Status
firefox29 + verified
firefox30 + verified
firefox31 + verified
relnote-firefox --- 29+

People

(Reporter: briansmith, Assigned: mconnor)

References

()

Details

(Keywords: feature, privacy, Whiteboard: [qa!])

Attachments

(2 files, 2 obsolete files)

+++ This bug was initially created as a clone of Bug #958873 +++

Yahoo search over HTTPS is now working in a useful way. Let's switch Yahoo! in the search box to use HTTPS like we did for Google in bug 633773.

https://ff.search.yahoo.com is not working yet, so I didn't switch search suggestions in the first patch. However, by reverse engineering the way search suggestions are done in the in-content search box on https://search.yahoo.com, I was able to get search suggestions working over HTTPS. However, we should talk to Yahoo to make sure this is the URL they want us to use for the suggestions.

The patch was tested only on desktop Firefox.

I would like to uplift this to Firefox 28 if possible.
Attachment #8358859 - Flags: review?(gavin.sharp)
Kev, could you please ask Yahoo about this? In particular, could you ask them about what URL we should use for search suggestions over HTTPS, and could you ask them whether they have any concerns about timing?
Flags: needinfo?(kev)
Flags: needinfo?(kev) → needinfo?(mconnor)
Attachment #8358859 - Flags: review?(gavin.sharp)
Attachment #8358860 - Flags: review?(gavin.sharp)
Assignee: brian → nobody
Met with Yahoo yesterday, they're ready to move forward, taking this to drive it across all locales (we have about 75 Yahoo plugins).
Assignee: nobody → mconnor
Flags: needinfo?(mconnor)
Attached patch yahooSSLSplinter Review
Attachment #8358859 - Attachment is obsolete: true
Attachment #8358860 - Attachment is obsolete: true
Attachment #8400934 - Flags: review?(gavin.sharp)
Attached patch yahooSSLFennecSplinter Review
Attachment #8400935 - Flags: review?(mark.finkle)
Can we uplift these search URL changes to Aurora 30 or even Beta 29?

Relevant news:

* "Status Update: Encryption at Yahoo"
http://yahoo.tumblr.com/post/81529518520/status-update-encryption-at-yahoo

* "Yahoo Bolsters Encryption Between Data Centers, Promises New, Encrypted Messenger In “Months”"
http://techcrunch.com/2014/04/02/yahoo-bolsters-encryption-between-data-centers-promises-new-encrypted-messenger-in-months/
Keywords: feature
Comment on attachment 8400935 [details] [diff] [review]
yahooSSLFennec

>diff --git a/browser/locales/en-US/searchplugins/yahoo.xml b/browser/locales/en-US/searchplugins/yahoo.xml

>-<SearchForm>http://search.yahoo.com/</SearchForm>
>+<SearchForm>https://search.yahoo.com/</SearchForm>

This part goes with the desktop patch. Looks right though.
Attachment #8400935 - Flags: review?(mark.finkle) → review+
Attachment #8400934 - Flags: review?(gavin.sharp) → review+
https://hg.mozilla.org/mozilla-central/rev/97f2e9782e1c
https://hg.mozilla.org/mozilla-central/rev/d4cee9bce9a3
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 31
Paul, can you make sure this gets some testing to confirm Yahoo searches are going to https://search.yahoo.com/ and to do some regression testing around search in general?
Keywords: verifyme
QA Contact: paul.silaghi
Whiteboard: [qa+]
I'm taking this over from Paul.
QA Contact: paul.silaghi → camelia.badau
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0
Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Firefox/31.0

Verified fixed on latest Nightly 31.0a1 (buildID: 20140409030203).
Status: RESOLVED → VERIFIED
Whiteboard: [qa+] → [qa!]
Depends on: 994141
No longer depends on: 994141
Depends on: 994248
Comment on attachment 8400934 [details] [diff] [review]
yahooSSL

[Approval Request Comment]
Bug caused by (feature/regressing bug #): 
User impact if declined: HTTP-only search
Testing completed (on m-c, etc.): baking for over a week, no issues reported
Risk to taking this patch (and alternatives if risky): minimal
String or IDL/UUID changes made by this patch: none
Attachment #8400934 - Flags: approval-mozilla-beta?
Attachment #8400934 - Flags: approval-mozilla-aurora?
Attachment #8400935 - Flags: approval-mozilla-beta?
Attachment #8400935 - Flags: approval-mozilla-aurora?
Comment on attachment 8400934 [details] [diff] [review]
yahooSSL

Approving because it is a tiny change.
Attachment #8400934 - Flags: approval-mozilla-beta?
Attachment #8400934 - Flags: approval-mozilla-beta+
Attachment #8400934 - Flags: approval-mozilla-aurora?
Attachment #8400934 - Flags: approval-mozilla-aurora+
Attachment #8400935 - Flags: approval-mozilla-beta?
Attachment #8400935 - Flags: approval-mozilla-beta+
Attachment #8400935 - Flags: approval-mozilla-aurora?
Attachment #8400935 - Flags: approval-mozilla-aurora+
Whiteboard: [qa!] → [qa+]
Verified fixed on Windows 7 64bit, Ubuntu 13.10 32bit and Mac OS X 10.8 using:
#latest Aurora, build ID: 20140417004004
#Fx 29 beta 9, build ID: 20140417185217
Whiteboard: [qa+] → [qa!]
Target Milestone: Firefox 31 → Firefox 29
Arcadio, relman: although this is en-us only, it was suggested in IRC to possibly include in relnotes.
Erin, that sounds a bit minor to me (or I am missing the point?) and we have already plenty of new features. Why do you think it is relevant to have it in the release notes? Thanks
Web security is in the headlines of even non-tech news, so mentioning improved security feature like HTTPS Yahoo looks good. Plus Yahoo published some press releases when they made HTTPS changes on their side, so it was a big deal for them.
Agreed, added "HTTPS used for Yahoo Searches performed in en-US locale" to both mobile and desktop notes for 29 release.
Blocks: 1039004
Blocks: 1039003
You need to log in before you can comment on or make changes to this bug.