958883 - Use HTTPS for Yahoo searches

Status: VERIFIED FIXED

(Firefox :: Search, enhancement)

Description

[Brian Smith (:briansmith, :bsmith, use NEEDINFO?)]

Attachment: Part 1: Use HTTPS for Yahoo searches but not suggestions

+++ This bug was initially created as a clone of Bug #958873 +++

Yahoo search over HTTPS is now working in a useful way. Let's switch Yahoo! in the search box to use HTTPS like we did for Google in bug 633773.

https://ff.search.yahoo.com is not working yet, so I didn't switch search suggestions in the first patch. However, by reverse engineering the way search suggestions are done in the in-content search box on https://search.yahoo.com, I was able to get search suggestions working over HTTPS. However, we should talk to Yahoo to make sure this is the URL they want us to use for the suggestions.

The patch was tested only on desktop Firefox.

I would like to uplift this to Firefox 28 if possible.

Comment 1

[Brian Smith (:briansmith, :bsmith, use NEEDINFO?)]

Attachment: Part 2: Use HTTPS for Yahoo search suggestions, using URL found by reverse-engineering

Comment 2

[Brian Smith (:briansmith, :bsmith, use NEEDINFO?)]

Kev, could you please ask Yahoo about this? In particular, could you ask them about what URL we should use for search suggestions over HTTPS, and could you ask them whether they have any concerns about timing?

Comment 3

[Mike Connor [:mconnor]]

Met with Yahoo yesterday, they're ready to move forward, taking this to drive it across all locales (we have about 75 Yahoo plugins).

Comment 4

[Mike Connor [:mconnor]]

Attachment: yahooSSL

Comment 5

[Mike Connor [:mconnor]]

Attachment: yahooSSLFennec

Comment 6

[Chris Peterson [:cpeterson]]

Can we uplift these search URL changes to Aurora 30 or even Beta 29?

Relevant news:

* "Status Update: Encryption at Yahoo"
http://yahoo.tumblr.com/post/81529518520/status-update-encryption-at-yahoo

* "Yahoo Bolsters Encryption Between Data Centers, Promises New, Encrypted Messenger In “Months”"
http://techcrunch.com/2014/04/02/yahoo-bolsters-encryption-between-data-centers-promises-new-encrypted-messenger-in-months/

Comment 7

[Mark Finkle (:mfinkle) (use needinfo?)]

Comment on attachment 8400935 [details] [diff] [review]
yahooSSLFennec

>diff --git a/browser/locales/en-US/searchplugins/yahoo.xml b/browser/locales/en-US/searchplugins/yahoo.xml

>-<SearchForm>http://search.yahoo.com/</SearchForm>
>+<SearchForm>https://search.yahoo.com/</SearchForm>

This part goes with the desktop patch. Looks right though.

Comment 8

[Mike Connor [:mconnor]]

https://hg.mozilla.org/integration/mozilla-inbound/rev/97f2e9782e1c
https://hg.mozilla.org/integration/mozilla-inbound/rev/d4cee9bce9a3

Comment 9

[Ryan VanderMeulen [:RyanVM]]

https://hg.mozilla.org/mozilla-central/rev/97f2e9782e1c
https://hg.mozilla.org/mozilla-central/rev/d4cee9bce9a3

Comment 10

[u279076]

Paul, can you make sure this gets some testing to confirm Yahoo searches are going to https://search.yahoo.com/ and to do some regression testing around search in general?

Comment 11

[Camelia Badau [:cbadau], Desktop Test Engineering]

I'm taking this over from Paul.

Comment 12

[Camelia Badau [:cbadau], Desktop Test Engineering]

Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0
Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Firefox/31.0

Verified fixed on latest Nightly 31.0a1 (buildID: 20140409030203).

Comment 13

[Mike Connor [:mconnor]]

Comment on attachment 8400934 [details] [diff] [review]
yahooSSL

[Approval Request Comment]
Bug caused by (feature/regressing bug #): 
User impact if declined: HTTP-only search
Testing completed (on m-c, etc.): baking for over a week, no issues reported
Risk to taking this patch (and alternatives if risky): minimal
String or IDL/UUID changes made by this patch: none

Comment 14

[Sylvestre Ledru [:Sylvestre]]

Comment on attachment 8400934 [details] [diff] [review]
yahooSSL

Approving because it is a tiny change.

Comment 15

[Ryan VanderMeulen [:RyanVM]]

https://hg.mozilla.org/releases/mozilla-aurora/rev/092fcf1503ef
https://hg.mozilla.org/releases/mozilla-aurora/rev/9319e8c11d01

https://hg.mozilla.org/releases/mozilla-beta/rev/c5d91a0d3a2e
https://hg.mozilla.org/releases/mozilla-beta/rev/38f6b630f2cd

Comment 16

[Camelia Badau [:cbadau], Desktop Test Engineering]

Verified fixed on Windows 7 64bit, Ubuntu 13.10 32bit and Mac OS X 10.8 using:
#latest Aurora, build ID: 20140417004004
#Fx 29 beta 9, build ID: 20140417185217

Comment 17

[Erin Lancaster [:elan]]

Arcadio, relman: although this is en-us only, it was suggested in IRC to possibly include in relnotes.

Comment 18

[Sylvestre Ledru [:Sylvestre]]

Erin, that sounds a bit minor to me (or I am missing the point?) and we have already plenty of new features. Why do you think it is relevant to have it in the release notes? Thanks

Comment 19

[Chris Peterson [:cpeterson]]

Web security is in the headlines of even non-tech news, so mentioning improved security feature like HTTPS Yahoo looks good. Plus Yahoo published some press releases when they made HTTPS changes on their side, so it was a big deal for them.

Comment 20

[Lukas Blakk [:lsblakk] use ?needinfo]

Agreed, added "HTTPS used for Yahoo Searches performed in en-US locale" to both mobile and desktop notes for 29 release.