Fenix and Focus use "Nightly" branding in error page for x-frame-options failure, as well as `about:neterror?`
Categories
(Fenix :: General, defect)
Tracking
(Not tracked)
People
(Reporter: dholbert, Unassigned)
References
Details
Attachments
(3 files)
STR:
- Load the attached testcase in Firefox release on Android, or in Focus on Android.
- Read the error message inside the iframes.
ACTUAL RESULTS:
The error message refers to the browser as Nightly.
EXPECTED RESULTS:
The error message should refer to the browser as Firefox or Focus.
This is UI that was added in bug 1461195, with the string defined here:
https://searchfox.org/mozilla-central/rev/e66cff951667dacd0faa95dfde830564a58a8a3f/toolkit/locales/en-US/toolkit/neterror/certError.ftl#97-99
It looks like { -brand-short-name }
is the relevant string here. However: Firefox/Focus do expand the correct { -brand-short-name }
string in other UI -- e.g. in the "Advanced" section of the cert-error page shown for https://self-signed.badssl.com/
So it seems like maybe we use the wrong/default "Nightly" token as { -brand-short-name }
specifically when we're inside of an iframe for some reason, specifically on Android?
Reporter | ||
Comment 1•2 years ago
|
||
Reporter | ||
Comment 2•2 years ago
|
||
Reporter | ||
Comment 3•2 years ago
|
||
(In reply to Daniel Holbert [:dholbert] from comment #0)
It looks like
{ -brand-short-name }
is the relevant string here. However: Firefox/Focus do expand the correct{ -brand-short-name }
string in other UI -- e.g. in the "Advanced" section of the cert-error page shown for https://self-signed.badssl.com/
(I won't bother to post screenshots of these other areas where -brand-short-name
is resolving to the correct/expected string; you can take my word for it that this badssl cert-error page shows "Firefox" and "Firefox Focus" as-expected.)
That string for the properly-working cert-error page is defined here:
https://searchfox.org/mozilla-central/rev/e66cff951667dacd0faa95dfde830564a58a8a3f/toolkit/locales/en-US/toolkit/neterror/certError.ftl#19
vs. the string for the not-working x-frame-options error UI is here (a bit lower in the same file):
https://searchfox.org/mozilla-central/rev/e66cff951667dacd0faa95dfde830564a58a8a3f/toolkit/locales/en-US/toolkit/neterror/certError.ftl#99
Both of those use { -brand-short-name }
, spelled exactly the same way. Also, this works properly on Firefox for Desktop.
So it seems like maybe we use the wrong/default "Nightly" token as { -brand-short-name } specifically when we're inside of an iframe for some reason, specifically on Android?
Presumably we're (unexpectedly) falling back to the default value that's defined here in the "unofficial" branding file, which I assume is a global fallback maybe:
https://searchfox.org/mozilla-central/rev/e66cff951667dacd0faa95dfde830564a58a8a3f/browser/branding/unofficial/locales/en-US/brand.ftl#20
Flod, I wonder if you have any ideas about what could be going wrong here, or know who might be a good person to investigate?
Comment 4•2 years ago
|
||
Trying to redirect to Eemeli for confirmation, since he knows more about neterror and Fluent at this point.
(In reply to Daniel Holbert [:dholbert] from comment #0)
It looks like
{ -brand-short-name }
is the relevant string here. However: Firefox/Focus do expand the correct{ -brand-short-name }
string in other UI -- e.g. in the "Advanced" section of the cert-error page shown for https://self-signed.badssl.com/
I believe what you're seeing is the corresponding string from an Android component (errorpages
), which doesn't seem to have implemented the equivalent of bug 1461195. That would explain how we can display Firefox Focus/Klar, which mozilla-central doesn't know anything about.
The localization of GeckoView hasn't been exactly straightforward so far (see bug 1605358, and lack of interest/replies). I wouldn't be surprised that GV doesn't know how to deal with branding at all, and indeed falls back to unofficial.
Comment 5•2 years ago
|
||
Confirming this. I don't think it's the iframe part that's causing the issue, but something else about the error page on mobile browsers.
For a minimal reproduction, enter the address about:neterror?
(including the terminal ?
) on Firefox and/or Focus on Android, and observe that in all cases, including browsers that are otherwise localised, the fallback error is reported as:
Nightly can't load this page for some reason.
That's effectively a hack to get around the usual error display that's used on Android, by relying on the way we internally pass variables via query parameters; this is what the iframed errors end up using as well. On desktop, the error is localized and uses the right brand name.
Adding links to a couple of related bugs.
Reporter | ||
Updated•2 years ago
|
Reporter | ||
Updated•2 years ago
|
Comment 6•2 years ago
|
||
The severity field is not set for this bug.
:cpeterson, could you have a look please?
For more information, please visit auto_nag documentation.
Updated•1 years ago
|
Description
•