Closed
Bug 796057
Opened 12 years ago
Closed 12 years ago
Change links to download.mozilla.org to HTTPS://
Categories
(www.mozilla.org :: Pages & Content, defect, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
Future
People
(Reporter: cmore, Assigned: craigcook)
References
Details
(Whiteboard: u=dev c=downloads p=3 r=109624)
We should change all links to download.mozilla.org to be to https:// instead of http://.
Most of the changes will be on /products/download.html to pop the JavaScript box or show the download buttons with JavaScript disabled. SSL should be enabled on download.mozilla.org today (2012-10-01 per bug 795439) and this can be done anytime SSL is enabled. This is for the stub installer project, but this specific change is not blocked by anyone other than IT enabling SSL.
Comment 2•12 years ago
|
||
We need some QA on this.
Specifically, there is some concern that some older browsers (notably IE6) will throw a warning if an HTTPS site redirects to an HTTP site. A connection to bouncer over https://, which subsequently returns an http:// link to a mirror/CDN would potentially trigger this.
This is resolved as moot only if we're able to move all installers to an SSL mirror... but even then there's a fallback situation to think about. If no SSL mirrors are available, we'd probably still prefer to serve downloads over non-SSL (as compared to not serving downloads at all).
QA testing is relatively straightforward. We need to make sure links like this:
https://download.mozilla.org/?product=firefox-15.0.1&os=osx&lang=en-US
don't result in error pages/pop-ups on any browser major browser (specifically IE6). If they do, we need to rethink this before we deploy any changes... or be willing to accept the consequences for those users.
Updated•12 years ago
|
Priority: -- → P1
Whiteboard: u=dev c=downloads p=3
Target Milestone: --- → Future
Comment 3•12 years ago
|
||
The only thing I have found so far is the insecure content dialog in IE6
http://cl.ly/image/3f1f3m0T2y31
Reporter | ||
Comment 4•12 years ago
|
||
Should be an easily change here:
http://viewvc.svn.mozilla.org/vc/projects/mozilla.com/trunk/en-US/products/download.html?view=markup
Line 316. Change from http to https
Comment 5•12 years ago
|
||
The dialog is shown when you first visit the site and also when you click the download Firefox. We need to fix this
Reporter | ||
Comment 6•12 years ago
|
||
(In reply to raymond [:retornam] from comment #3)
> The only thing I have found so far is the insecure content dialog in IE6
> http://cl.ly/image/3f1f3m0T2y31
Do you have an idea of where the http/https mix is coming from? Where is the absolute URL to an HTTP page resource (probably image) is coming from when the site is on https?
Comment 7•12 years ago
|
||
There's just one occurrence of download.mozilla.org in Bedrock:
apps/mozorg/helpers.py: 'direct': 'http://download.mozilla.org/',
(this is the important one, I'm guessing)
There's a bunch in the product-details files too, like mobile_details.json -- not sure what generates that, nor what uses it.
Comment 8•12 years ago
|
||
(In reply to Chris More [:cmore] from comment #4)
> Should be an easily change here:
>
> http://viewvc.svn.mozilla.org/vc/projects/mozilla.com/trunk/en-US/products/
> download.html?view=markup
>
> Line 316. Change from http to https
Craig is looking into making the change.
Craig, let us know if anything needs clarifying or you need more info.
Assignee: nobody → craigcook.bugz
Comment 9•12 years ago
|
||
(In reply to Mike Alexis [:malexis] from comment #8)
> (In reply to Chris More [:cmore] from comment #4)
> > Should be an easily change here:
> >
> > http://viewvc.svn.mozilla.org/vc/projects/mozilla.com/trunk/en-US/products/
> > download.html?view=markup
> >
> > Line 316. Change from http to https
>
> Craig is looking into making the change.
>
> Craig, let us know if anything needs clarifying or you need more info.
There is a dozen more occurences of download.mozilla.org on the php site:
js/mozilla-language-search.js
219: var href = 'http://download.mozilla.org/?product=firefox-' + this.version +
js/download.old.js
155: return "http://download.mozilla.org/?product=";
159:// The optional boolean is used when we want to get the download.mozilla.org
js/download-transition-l10n.js
102: // 2. Build download.mozilla.org URL out of those vars.
103: download_url = "http://download.mozilla.org/?product=";
127: // 5. automatically start the download of the file at the constructed download.mozilla.org URL
js/download.js
138: // local page instead of the download.mozilla.org hostname.
144: if (temp[0].indexOf('http://download.mozilla.org') == 0) {
en-US/firefox/unsupported-systems.html
48: // Build download.mozilla.org URL out of those vars.
49: download_url = "http://download.mozilla.org/?product=";
en-US/products/download.html
144: // This will make all links go directly to download.mozilla.org
166: // This will make all links go directly to download.mozilla.org
315: // 2. Build download.mozilla.org URL out of those vars.
316: download_url = "http://download.mozilla.org/?product=";
includes/l10n/download-transition-pages.inc.php
28:$dl_link = "http://download.mozilla.org/?product={$dl_product}&os={$dl_os}&lang={$dl_lang}";
includes/l10n/libs/class.download.php
243: $_extra_link_attr .= 'onclick="javascript:init_download(\''."http://download.mozilla.org/?product={$_product}-{$_current_version}&os={$_os_shortname}&lang={$locale}".'\');"';
includes/l10n/download-transition-pages-newbranding.inc.php
30:$dl_link = "http://download.mozilla.org/?product={$dl_product}&os={$dl_os}&lang={$dl_lang}";
Assignee | ||
Comment 10•12 years ago
|
||
Links updated in r109624
Assignee | ||
Updated•12 years ago
|
Whiteboard: u=dev c=downloads p=3 → u=dev c=downloads p=3 r=109624
Comment 11•12 years ago
|
||
Commits pushed to master at https://github.com/mozilla/bedrock
https://github.com/mozilla/bedrock/commit/d1f6f38a4e8e20e6839ea9ff8185eeb6fe38969c
Bug 796057 - switch download links to https
https://github.com/mozilla/bedrock/commit/f30a294f2c29d76122c4818f0e88d49a5210316a
Merge pull request #398 from craigcook/master
Bug 796057 - switch download links to https
Assignee | ||
Comment 12•12 years ago
|
||
Bedrock has been pushed to production.
PHP changes merged to tags/production in r109657 so it should be updated within a few minutes.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Comment 13•12 years ago
|
||
Prod push was reverted in r109658 due to a bad merge, will resolve once it's merged again.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Comment 14•12 years ago
|
||
Committed to tags/production in r109663.
Status: REOPENED → RESOLVED
Closed: 12 years ago → 12 years ago
Resolution: --- → FIXED
Comment 15•12 years ago
|
||
You need to log in
before you can comment on or make changes to this bug.
Description
•