HTTPS Only Mode - Basic implementation
Categories
(Core :: DOM: Security, enhancement, P2)
Tracking
()
Tracking | Status | |
---|---|---|
firefox76 | --- | fixed |
People
(Reporter: julianwels, Assigned: julianwels)
References
(Blocks 1 open bug)
Details
(Whiteboard: [domsecurity-active])
Attachments
(1 file)
(deleted),
text/x-phabricator-request
|
Details |
Basic implementation of the HTTPS Only Mode, which upgrades all insecure requests to https:// when a pref is set.
Should contain:
- Basic upgrade behind a pref
- Upgrade tests for requests, sub-resources, and redirects.
- Logging to console
Assignee | ||
Comment 1•5 years ago
|
||
Updated•5 years ago
|
Comment 3•5 years ago
|
||
Backed out changeset 46dfbb4de902 for causing failures in test_x-frame-options.html
Backout link: https://hg.mozilla.org/integration/autoland/rev/157a80e6e571a2826d0afebb8b3d3bb666b4bbc8
Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=293054790&repo=autoland&lineNumber=4194
Comment 4•5 years ago
|
||
Ah, good that we have that test, this is a problem indeed. Probably we should add a test for CSP frame-ancestors in combination with upgrade-insecure-requests as well to avoid that problem.
For XFO specifically we have to update code here:
https://searchfox.org/mozilla-central/rev/fb3b0075d1a9c4dafbdf339b835d462b5ae55a0e/dom/security/FramingChecker.cpp#137
Assignee | ||
Comment 5•5 years ago
|
||
This test failure didn't seem related to this revision and I could not reproduce it locally either.
Made another try-run where the test didn't fail, so added Check-in Needed again.
Comment 7•5 years ago
|
||
Backed out changeset 21f62488a5b5 (Bug 1620242) for causing bustages in nsMixedContentBlocker.cpp CLOSED TREE
Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=293392372&repo=autoland&lineNumber=28626
Backout: https://hg.mozilla.org/integration/autoland/rev/77e4f540f4d4688a0460c27d16fa4ef988e69645
Comment 9•5 years ago
|
||
bugherder |
Assignee | ||
Updated•5 years ago
|
Description
•