Open Bug 1437555 Opened 7 years ago Updated 2 years ago

Gather telemetry about making scheme-relative URL schemes be https

Categories

(Core :: DOM: Security, enhancement, P3)

People

(Reporter: jkt, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-backlog1])

We should gather telemetry on how much breakage would happen if we decided to upgrade display-only http pages with :// subresources to https://. The rationale is that there is some level of implied consent this will work on https:// anyway, and also deploying this will allow us to consider expanding this to other resources like scripts.
On a secure page these will already be secure. On an insecure page it's already insecure so you can't trust the stuff it's loading. Even if we did upgrade the links, if you're under MITM attack you can't trust those links.
Assignee: nobody → jkt
Summary: Consider making scheme-relative URL schemes be https → Gather telemetry about making scheme-relative URL schemes be https
Priority: -- → P3
Whiteboard: [domsecurity-backlog1]

The bug assignee didn't log in to Bugzilla in the last 7 months.
:ckerschb, could you have a look please?
For more information, please visit auto_nag documentation.

Assignee: jonathan → nobody
Flags: needinfo?(ckerschb)
Flags: needinfo?(ckerschb)
Severity: normal → S3