Closed
Bug 1298056
Opened 8 years ago
Closed 8 years ago
Periodic HSTS updates hanging
Categories
(Core :: Security: PSM, defect, P1)
RESOLVED
FIXED
Version | Tracking | Status |
---|---|---|
firefox-esr45 | --- | unaffected |
firefox50 | --- | fixed |
firefox51 | --- | fixed |
People
(Reporter: catlee, Assigned: keeler)
Details
(Whiteboard: [psm-assigned])
Attachments (1 file)
(deleted), text/x-review-board-request | jcj: review+ | ritu: approval-mozilla-aurora+ | ritu: approval-mozilla-esr45+
Updated • 8 years ago (Assignee)
Component: Security → Security: PSM
Priority: -- → P2
Whiteboard: [psm-backlog]
Updated • 8 years ago (Assignee)
Assignee: nobody → dkeeler
Priority: P2 → P1
Whiteboard: [psm-backlog] → [psm-assigned]
Comment hidden (mozreview-request)
Comment 2 • 8 years ago (mozreview-review)
Comment on attachment 8785460 [details]
bug 1298056 - fix HSTS preload update script so it will continue when requests result in errors
https://reviewboard.mozilla.org/r/74648/#review72514
LGTM. One question attached.
::: security/manager/tools/getHSTSPreloadList.js:186
(Diff revision 1)
> var uri = "https://" + host.name + "/";
> req.open("GET", uri, true);
> req.timeout = REQUEST_TIMEOUT;
> req.channel.notificationCallbacks = new RedirectAndAuthStopper();
> +
> + let errorhandler = (evt) => {
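Review bot: `errorhandler`, defined right after `req.timeout = REQUEST_TIMEOUT`, should be registered for the timeout and abort paths as well as `onerror`; if any terminal event is left unhandled, a single unresponsive host can still stall the whole update run. The quoted excerpt stops at the handler's opening line, so the registrations are not visible here and should be checked in the full diff.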
Is there any value in printing something from `evt` to identify what went wrong with said host?
Attachment #8785460 - Flags: review?(jjones) → review+
Comment 3 • 8 years ago (Assignee, mozreview-review-reply)
Comment on attachment 8785460 [details]
bug 1298056 - fix HSTS preload update script so it will continue when requests result in errors
https://reviewboard.mozilla.org/r/74648/#review72514
> Is there any value in printing something from `evt` to identify what went wrong with said host?
Sure - sounds good.
Comment hidden (mozreview-request)
Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/mozilla-central/rev/1645acdb3e67
fix HSTS preload update script so it will continue when requests result in errors r=jcj DONTBUILD NPOTB a=KWierso
Comment 6 • 8 years ago (Assignee)
(There's more work to do here, such as to verify that this actually did fix it in production and then uplift the changes to the other branches to fix them too.)
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox50: --- → affected
status-firefox-esr45: --- → affected
Resolution: --- → FIXED
Comment 7 • 8 years ago (Assignee)
Comment on attachment 8785460 [details]
bug 1298056 - fix HSTS preload update script so it will continue when requests result in errors
Looks like the patch worked as expected: https://people.mozilla.org/~dkeeler/hstscanary/
[Approval Request Comment]
If this is not a sec:{high,crit} bug, please state case for ESR consideration: this is an important component of an essential security feature (the HSTS preload list)
User impact if declined: no first-connection HSTS protection for sites that we know should be HSTS
Fix Landed on Version: 51
Risk to taking this patch (and alternatives if risky): extremely low - it's not part of the build
String or UUID changes made by this patch: none
See https://wiki.mozilla.org/Release_Management/ESR_Landing_Process for more info.
Attachment #8785460 - Flags: approval-mozilla-esr45?
Attachment #8785460 - Flags: approval-mozilla-aurora?
Comment on attachment 8785460 [details]
bug 1298056 - fix HSTS preload update script so it will continue when requests result in errors
NPOTB, Aurora50+, ESR45+
Attachment #8785460 - Flags: approval-mozilla-esr45? → approval-mozilla-esr45+
Attachment #8785460 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Comment 9 • 8 years ago (bugherder uplift)
Comment 10 • 8 years ago (Assignee)
Turns out https://hg.mozilla.org/mozilla-central/rev/59ddf661a7ee from bug 709991 caused this. Since that only landed on 50, this doesn't affect esr-45.