Closed Bug 796057 Opened 12 years ago Closed 12 years ago

Change links to download.mozilla.org to HTTPS://

Categories

(www.mozilla.org :: Pages & Content, defect, P1)

x86
macOS
defect

Tracking

(Not tracked)

RESOLVED FIXED
Future

People

(Reporter: cmore, Assigned: craigcook)

References

Details

(Whiteboard: u=dev c=downloads p=3 r=109624)

We should change all links to download.mozilla.org to be to https:// instead of http://. Most of the changes will be on /products/download.html to pop the JavaScript box or show the download buttons with JavaScript disabled. SSL should be enabled on download.mozilla.org today (2012-10-01 per bug 795439) and this can be done anytime SSL is enabled. This is for the stub installer project, but this specific change is not blocked by anyone other than IT enabling SSL.
Depends on: 795439
Blocks: 796103
We need some QA on this. Specifically, there is some concern that some older browsers (notably IE6) will throw a warning if an HTTPS site redirects to an HTTP site. A connection to bouncer over https://, which subsequently returns an http:// link to a mirror/CDN would potentially trigger this. This is resolved as moot only if we're able to move all installers to an SSL mirror... but even then there's a fallback situation to think about. If no SSL mirrors are available, we'd probably still prefer to serve downloads over non-SSL (as compared to not serving downloads at all). QA testing is relatively straightforward. We need to make sure links like this: https://download.mozilla.org/?product=firefox-15.0.1&os=osx&lang=en-US don't result in error pages/pop-ups on any browser major browser (specifically IE6). If they do, we need to rethink this before we deploy any changes... or be willing to accept the consequences for those users.
Priority: -- → P1
Whiteboard: u=dev c=downloads p=3
Target Milestone: --- → Future
The only thing I have found so far is the insecure content dialog in IE6 http://cl.ly/image/3f1f3m0T2y31
Should be an easily change here: http://viewvc.svn.mozilla.org/vc/projects/mozilla.com/trunk/en-US/products/download.html?view=markup Line 316. Change from http to https
The dialog is shown when you first visit the site and also when you click the download Firefox. We need to fix this
(In reply to raymond [:retornam] from comment #3) > The only thing I have found so far is the insecure content dialog in IE6 > http://cl.ly/image/3f1f3m0T2y31 Do you have an idea of where the http/https mix is coming from? Where is the absolute URL to an HTTP page resource (probably image) is coming from when the site is on https?
There's just one occurrence of download.mozilla.org in Bedrock: apps/mozorg/helpers.py: 'direct': 'http://download.mozilla.org/', (this is the important one, I'm guessing) There's a bunch in the product-details files too, like mobile_details.json -- not sure what generates that, nor what uses it.
(In reply to Chris More [:cmore] from comment #4) > Should be an easily change here: > > http://viewvc.svn.mozilla.org/vc/projects/mozilla.com/trunk/en-US/products/ > download.html?view=markup > > Line 316. Change from http to https Craig is looking into making the change. Craig, let us know if anything needs clarifying or you need more info.
Assignee: nobody → craigcook.bugz
(In reply to Mike Alexis [:malexis] from comment #8) > (In reply to Chris More [:cmore] from comment #4) > > Should be an easily change here: > > > > http://viewvc.svn.mozilla.org/vc/projects/mozilla.com/trunk/en-US/products/ > > download.html?view=markup > > > > Line 316. Change from http to https > > Craig is looking into making the change. > > Craig, let us know if anything needs clarifying or you need more info. There is a dozen more occurences of download.mozilla.org on the php site: js/mozilla-language-search.js 219: var href = 'http://download.mozilla.org/?product=firefox-' + this.version + js/download.old.js 155: return "http://download.mozilla.org/?product="; 159:// The optional boolean is used when we want to get the download.mozilla.org js/download-transition-l10n.js 102: // 2. Build download.mozilla.org URL out of those vars. 103: download_url = "http://download.mozilla.org/?product="; 127: // 5. automatically start the download of the file at the constructed download.mozilla.org URL js/download.js 138: // local page instead of the download.mozilla.org hostname. 144: if (temp[0].indexOf('http://download.mozilla.org') == 0) { en-US/firefox/unsupported-systems.html 48: // Build download.mozilla.org URL out of those vars. 49: download_url = "http://download.mozilla.org/?product="; en-US/products/download.html 144: // This will make all links go directly to download.mozilla.org 166: // This will make all links go directly to download.mozilla.org 315: // 2. Build download.mozilla.org URL out of those vars. 316: download_url = "http://download.mozilla.org/?product="; includes/l10n/download-transition-pages.inc.php 28:$dl_link = "http://download.mozilla.org/?product={$dl_product}&os={$dl_os}&lang={$dl_lang}"; includes/l10n/libs/class.download.php 243: $_extra_link_attr .= 'onclick="javascript:init_download(\''."http://download.mozilla.org/?product={$_product}-{$_current_version}&os={$_os_shortname}&lang={$locale}".'\');"'; includes/l10n/download-transition-pages-newbranding.inc.php 30:$dl_link = "http://download.mozilla.org/?product={$dl_product}&os={$dl_os}&lang={$dl_lang}";
Links updated in r109624
Whiteboard: u=dev c=downloads p=3 → u=dev c=downloads p=3 r=109624
Bedrock has been pushed to production. PHP changes merged to tags/production in r109657 so it should be updated within a few minutes.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Prod push was reverted in r109658 due to a bad merge, will resolve once it's merged again.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Committed to tags/production in r109663.
Status: REOPENED → RESOLVED
Closed: 12 years ago12 years ago
Resolution: --- → FIXED
Committed small fixes to stage in r109667 and prod in r109668 to remove some Aurora-tweet-promo text that accidentally got included in the merge.
You need to log in before you can comment on or make changes to this bug.