Closed
Bug 896211
Opened 11 years ago
Closed 11 years ago
browser.mixedcontent.warning.infoURL should use SSL
Categories
(Firefox :: Security, defect)
Firefox
Security
Tracking
()
VERIFIED
FIXED
Firefox 26
People
(Reporter: sjw+bugzilla, Assigned: ananuti)
References
(Blocks 1 open bug)
Details
Attachments
(1 file, 3 obsolete files)
|
(deleted),
patch
|
ananuti
:
review+
|
Details | Diff | Splinter Review |
The value of browser.mixedcontent.warning.infoURL (Learn More) is http://support.mozilla.org/1/%APP%/%VERSION%/%OS%/%LOCALE%/mixed-content/
It should be https://support.mozilla.org/1/%APP%/%VERSION%/%OS%/%LOCALE%/mixed-content/ (Use https)
Blocks: MixedContentBlocker
Summary: warning info URL → warning info URL should use SSL
|
||
Updated•11 years ago
|
Summary: warning info URL should use SSL → browser.mixedcontent.warning.infoURL should use SSL
|
Assignee | |
Comment 1•11 years ago
|
||
Assignee: nobody → ananuti
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Attachment #778937 -
Flags: review?(gavin.sharp)
Comment on attachment 778937 [details] [diff] [review]
patch
Wow, thats fast :)
> pref("browser.geolocation.warning.infoURL", "https://www.mozilla.org/%LOCALE%/firefox/geolocation/");
For what is this Line?
|
||
Comment 3•11 years ago
|
||
Comment on attachment 778937 [details] [diff] [review]
patch
This looks good, but this link should really be relative to app.support.baseURL, rather than in its own pref. Do you want to fix that instead?
|
|
Assignee | |
Comment 4•11 years ago
|
||
Attachment #778937 -
Attachment is obsolete: true
Attachment #778937 -
Flags: review?(gavin.sharp)
Attachment #779019 -
Flags: review?(gavin.sharp)
|
|
||
Updated•11 years ago
|
Attachment #779019 -
Flags: review?(gavin.sharp) → review?(jaws)
|
||
Updated•11 years ago
|
Attachment #779019 -
Flags: review?(jaws) → review?(mconley)
|
|
||
Comment 5•11 years ago
|
||
I think this patch should use openHelpLink though I haven't tested it.
|
||
Comment 6•11 years ago
|
||
Comment on attachment 779019 [details] [diff] [review]
patch, v2
(In reply to Jared Wein [:jaws] (Vacation 8/1 to 8/4) from comment #5)
> I think this patch should use openHelpLink though I haven't tested it.
There are a number of places where we don't use openHelpLink - and it's usually for stuff like this (dynamically populated / initted UI). I think we're OK to still do this - but feel free to file a follow-up bug if you think this is a real issue.
Anyhow, this patch looks good to me. Thanks Ekanan!
Attachment #779019 -
Flags: review?(mconley) → review+
|
|
||
Comment 7•11 years ago
|
||
(In reply to Mike Conley (:mconley) from comment #6)
> There are a number of places where we don't use openHelpLink - and it's
> usually for stuff like this (dynamically populated / initted UI)
We should be able to just set the onclick attribute on the link, rather than setting href?
I.e. helplink.setAttribute("onclick", "openHelpLink('mixed-content');"); or somesuch
|
|
||
Comment 8•11 years ago
|
||
(In reply to :Gavin Sharp (use gavin@gavinsharp.com for email) from comment #7)
> (In reply to Mike Conley (:mconley) from comment #6)
> > There are a number of places where we don't use openHelpLink - and it's
> > usually for stuff like this (dynamically populated / initted UI)
>
> We should be able to just set the onclick attribute on the link, rather than
> setting href?
>
> I.e. helplink.setAttribute("onclick", "openHelpLink('mixed-content');"); or
> somesuch
Yeah, I'd be fine with that too. Either that, or blanket conversion of all such instances in a separate bug (since this bug was just about switching the link to HTTPS).
Ekanan - how do you feel about spinning up a new patch with Gavin's suggestion?
Flags: needinfo?(ananuti)
|
|
Assignee | |
Comment 9•11 years ago
|
||
Updated the patch to use openHelpLink.
Attachment #785297 -
Flags: review?(mconley)
Flags: needinfo?(ananuti)
|
|
||
Comment 10•11 years ago
|
||
Comment on attachment 785297 [details] [diff] [review]
patch, v3
Review of attachment 785297 [details] [diff] [review]:
-----------------------------------------------------------------
So sorry for the delay! This looks good to me.
Attachment #785297 -
Flags: review?(mconley) → review+
|
|
Assignee | |
Comment 11•11 years ago
|
||
carrying over r=mconley
Attachment #779019 -
Attachment is obsolete: true
Attachment #785297 -
Attachment is obsolete: true
Attachment #791909 -
Flags: review+
|
|
Assignee | |
Updated•11 years ago
|
Keywords: checkin-needed
|
||
Comment 12•11 years ago
|
||
Keywords: checkin-needed
Whiteboard: [fixed-in-fx-team]
|
|
||
Comment 13•11 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Whiteboard: [fixed-in-fx-team]
Target Milestone: --- → Firefox 26
|
||
Comment 14•11 years ago
|
||
I confirm the fix is verified on Latest Nightly 26.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0
browser.geolocation.warning.infoURL pref is using https as mentioned in Comment 0.
https://www.mozilla.org/%LOCALE%/firefox/geolocation/
Status: RESOLVED → VERIFIED
Keywords: verifyme
You need to log in
before you can comment on or make changes to this bug.
Description
•