Closed Bug 1746069 Opened 3 years ago Closed 3 years ago

HTTPS Only Mode gives problems with networks that require login

Categories

(Core :: DOM: Security, defect, P3)

Product:
Core
Component:
DOM: Security
Version:
Firefox 95
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1730920

People

(Reporter: martingomezabejonmg, Unassigned)

References

(Blocks 1 open bug)

Details

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:95.0) Gecko/20100101 Firefox/95.0

Steps to reproduce:

Create a new profile and connect to a network which requires an HTTP(S) login. Enable HTTPS-only mode everywhere, then open a random page.

Actual results:

A "you must login to network" message keeps appearing, even after clicking the button "login to network". This happens because Firefox connects to the detectportal... URL and it does not trust it because the certificate of the network login page is provided. This way, the user has to accept the risk and continue while there are no risks.

Expected results:

I should have been redirected to the network login page transparently

The Bugbug bot thinks this bug should belong to the 'Firefox::Security' component, and is moving the bug to that component. Please revert this change in case you think the bot is wrong.

Component: Untriaged → Security
Component: Security → DOM: Security
Product: Firefox → Core

The severity field is not set for this bug.
:ckerschb, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(ckerschb)

This sounds like bug 1665062, but we supposedly fixed that a year ago so I guess not?

Blocks: https-only-mode
Severity: -- → S3
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: needinfo?(ckerschb) → needinfo?(lyavor)
Priority: -- → P3
See Also: → https://bugzilla.mozilla.org/show_bug.cgi?id=1665062

That's weird. Actually we should have fixed it by https://bugzilla.mozilla.org/show_bug.cgi?id=1730920.
I will look into it

Flags: needinfo?(lyavor)

Could you help me to understand the actions you took because I am not able to reproduce the bug, probably I am missing something?

As far I understand the steps to reproduce look like this (please correct me if I am wrong):

  1. First connect to a wifi which requires a login
  2. Then enable https-only mode and try to open some random site (is the random site essential for the bug or is a blank tab sufficient?)
  3. Because we have not logged in yet, a button pops up below the url bar saying "login to network"
  4. After clicking on that button, the https-only error page appears(?) including a "continue with http" button. Or does a dialog appears below the url bar with "accept risk"?

Are those the things you did and is this order correct?

Flags: needinfo?(martingomezabejonmg)

Thank you for reporting!
I checked the dates. This bug was reported one day after the fix for https://bugzilla.mozilla.org/show_bug.cgi?id=1730920 was pushed or maybe even on the same day. I tested it exactly like it was described but that bug shouldn't exist anymore.

Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → DUPLICATE
Flags: needinfo?(martingomezabejonmg)
You need to log in before you can comment on or make changes to this bug.