Closed Bug 1725402 Opened 3 years ago Closed 3 years ago

HTTPS-First should copy referrerInfo (and potentially more state) from upgraded channel when performing a fallback to http

Categories

(Core :: DOM: Security, defect, P1)

defect

Tracking

()

RESOLVED FIXED
94 Branch
Tracking Status
firefox94 --- fixed

People

(Reporter: ckerschb, Assigned: t.yavor)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-active])

Attachments

(1 file, 2 obsolete files)

In case we can't upgrade a top-level load to https we perform a fallback to http in DocumentLoadListener. Currently we do not copy state from the upgraded channel, like e.g. referrerinfo, but we should, similar to what we do here.

Type: task → defect
Attachment #9242277 - Attachment is obsolete: true

Comment on attachment 9242281 [details]
Bug 1725402 - Evaluate HSTS before https-only in NS_ShouldSecureUpgrade. r=ckerschb

Revision D126234 was moved to bug 1722489. Setting attachment 9242281 [details] to obsolete.

Attachment #9242281 - Attachment is obsolete: true
Pushed by mozilla@christophkerschbaumer.com: https://hg.mozilla.org/integration/autoland/rev/7147f598dfc7 HTTPS-First should copy referrerInfo (and potentially more state) from upgraded channel when performing a fallback to http.r=ckerschb,Gijs,freddyb
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → 94 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: