Closed Bug 858730 Opened 11 years ago Closed 6 years ago

Selecting to visit site on a cert error page should only provide a temporary cert exception, not a permanent cert exception

Categories

(Firefox OS Graveyard :: General, defect)

Product:
Firefox OS Graveyard
Component:
General
Platform:
ARM
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(blocking-b2g:-, b2g-v1.3 affected, b2g-v1.3T affected, b2g-v1.4 affected)

Status:
RESOLVED WONTFIX
Project Flags:
blocking-b2g -
Tracking Flags:
Tracking Status
b2g-v1.3 --- affected
b2g-v1.3T --- affected
b2g-v1.4 --- affected

People

(Reporter: jsmith, Unassigned)

References

Details

(Whiteboard: permafail) 

Build: B2G 4/5/2013
Device: Unagi

STR

1. Visit https://summitbook.mozilla.org/ in the browser
2. Select visit site under I understand the risks
3. Close the browser and kill the process
4. Open the browser again and go to https://summitbook.mozilla.org/

Expected

We should get a cert error, as we only granted a temporary exception to access the site.

Actual

We gain access to the site. This is incorrect behavior - we only granted a temporary exception to access the site, so we should only have access it while the browser process remains open.
Blocks: 846734
blocking-b2g: --- → leo?
Actually, the temporary exception is for chrome process. The exception available until chrome is killed.
I think implementing per-app cert exception can fix this problem. I don't really know about the code in CertOverrideService.cpp, but with a glimpse of the code inside CertOverrideService.cpp, it seems not trivial to make per-app cert exception. CCing people who may understand code in CertOverrideService.cpp.
Restarting the phone will revoke the temporary cert exception, so we won't block on this. Likely a lot of work anyway.
blocking-b2g: leo? → -
The bug reproduces on the latest Buri 1.3 Aurora Moz RIL, the full page access is granted after giving a temporary permission

Device: Buri 1.3 Aurora Moz RIL
BuildID: 20131210004003
Gaia: 3452fbdb5e1bed0cd27cc6173136537a03e8072f
Gecko: e0c328d99742
Version: 28.0a2
Firmware Version:v1.2_20131115
Whiteboard: burirun1.3-1
status-b2g-v1.3: --- → affected
Whiteboard: burirun1.3-1 → burirun1.3-1, burirun1.3-3
Whiteboard: burirun1.3-1, burirun1.3-3 → burirun1.3-1, burirun1.3-3, burirun1.4-1
Whiteboard: burirun1.3-1, burirun1.3-3, burirun1.4-1 → permafail
This issue also occurs on the buri 1.4 Moz Ril

1.4 Environmental Variables:
Device: Buri 1.4 MOZ
BuildID: 20140324000202
Gaia: 730670951e40b2317a167fcd07c398bb662d6e87
Gecko: a44f8b39c2c8
Version: 30.0a2
Firmware Version: v1.2-device.cfg

the full page access is granted after giving a temporary permission
Assignee: nobody → stephouillon
Assignee: stephouillon → nobody
Firefox OS is not being worked on
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.