9.64 KB, patch
|Details | Diff | Splinter Review|
14.39 KB, patch
|Details | Diff | Splinter Review|
+++ This bug was initially created as a clone of Bug #958873 +++ Yahoo search over HTTPS is now working in a useful way. Let's switch Yahoo! in the search box to use HTTPS like we did for Google in bug 633773. https://ff.search.yahoo.com is not working yet, so I didn't switch search suggestions in the first patch. However, by reverse engineering the way search suggestions are done in the in-content search box on https://search.yahoo.com, I was able to get search suggestions working over HTTPS. However, we should talk to Yahoo to make sure this is the URL they want us to use for the suggestions. The patch was tested only on desktop Firefox. I would like to uplift this to Firefox 28 if possible.
Kev, could you please ask Yahoo about this? In particular, could you ask them about what URL we should use for search suggestions over HTTPS, and could you ask them whether they have any concerns about timing?
Flags: needinfo?(kev) → needinfo?(mconnor)
Assignee: brian → nobody
Met with Yahoo yesterday, they're ready to move forward, taking this to drive it across all locales (we have about 75 Yahoo plugins).
Assignee: nobody → mconnor
Can we uplift these search URL changes to Aurora 30 or even Beta 29? Relevant news: * "Status Update: Encryption at Yahoo" http://yahoo.tumblr.com/post/81529518520/status-update-encryption-at-yahoo * "Yahoo Bolsters Encryption Between Data Centers, Promises New, Encrypted Messenger In “Months”" http://techcrunch.com/2014/04/02/yahoo-bolsters-encryption-between-data-centers-promises-new-encrypted-messenger-in-months/
Comment on attachment 8400935 [details] [diff] [review] yahooSSLFennec >diff --git a/browser/locales/en-US/searchplugins/yahoo.xml b/browser/locales/en-US/searchplugins/yahoo.xml >-<SearchForm>http://search.yahoo.com/</SearchForm> >+<SearchForm>https://search.yahoo.com/</SearchForm> This part goes with the desktop patch. Looks right though.
Attachment #8400935 - Flags: review?(mark.finkle) → review+
Attachment #8400934 - Flags: review?(gavin.sharp) → review+
Status: ASSIGNED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 31
Paul, can you make sure this gets some testing to confirm Yahoo searches are going to https://search.yahoo.com/ and to do some regression testing around search in general?
I'm taking this over from Paul.
QA Contact: paul.silaghi → camelia.badau
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0 Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Firefox/31.0 Verified fixed on latest Nightly 31.0a1 (buildID: 20140409030203).
Comment on attachment 8400934 [details] [diff] [review] yahooSSL [Approval Request Comment] Bug caused by (feature/regressing bug #): User impact if declined: HTTP-only search Testing completed (on m-c, etc.): baking for over a week, no issues reported Risk to taking this patch (and alternatives if risky): minimal String or IDL/UUID changes made by this patch: none
Comment on attachment 8400934 [details] [diff] [review] yahooSSL Approving because it is a tiny change.
Verified fixed on Windows 7 64bit, Ubuntu 13.10 32bit and Mac OS X 10.8 using: #latest Aurora, build ID: 20140417004004 #Fx 29 beta 9, build ID: 20140417185217
Arcadio, relman: although this is en-us only, it was suggested in IRC to possibly include in relnotes.
Erin, that sounds a bit minor to me (or I am missing the point?) and we have already plenty of new features. Why do you think it is relevant to have it in the release notes? Thanks
Web security is in the headlines of even non-tech news, so mentioning improved security feature like HTTPS Yahoo looks good. Plus Yahoo published some press releases when they made HTTPS changes on their side, so it was a big deal for them.
Agreed, added "HTTPS used for Yahoo Searches performed in en-US locale" to both mobile and desktop notes for 29 release.
You need to log in before you can comment on or make changes to this bug.