Bug 791681 - Insecure transition from HTTP to HTTPS in form post#928
Bug 791681 - Insecure transition from HTTP to HTTPS in form post#928jpetto merged 1 commit intomozilla:masterfrom kyoshino:bug-791681-form-https
Conversation
bedrock/mozorg/helpers/misc.py
Outdated
There was a problem hiding this comment.
There should be a check for localhost/debug servers somewhere in here. Local installations without SSL need to be able to test form submissions.
|
Notes from our meeting: It might be best to squash these commits into one. The HTML changes look safe, but we might want to pay special attention to the |
bedrock/mozorg/helpers/misc.py
Outdated
There was a problem hiding this comment.
PEP-8: "Don't use spaces around the = sign when used to indicate a keyword argument or a default parameter value."
|
Rebased and removed spaces around the = sign for a default parameter as per @dpoirier's comment. |
|
This is looking good, but the new |
|
Just a note to self (and @alexgibson for good measure) - will need to fix AJAX call here after merge: https://github.com/mozilla/bedrock/blob/master/media/js/firefox/os/desktop.js#L214 |
|
Will try to write tests in |
|
The fix for the AJAX call should be very simple. I believe line 214 (https://github.com/mozilla/bedrock/blob/master/media/js/firefox/os/desktop.js#L214) will need to look like:
|
|
Yeah, |
|
Added tests and fixed the Ajax call. |
bedrock/mozorg/helpers/misc.py
Outdated
There was a problem hiding this comment.
To more closely mimic a production environment, I think we should have this return ctx['request'].build_absolute_uri(path). This will give us a fully qualified URL locally instead of a possible empty string.
There was a problem hiding this comment.
Will fix it later.
|
Aside from my previous comment, this looks like an r+. After that (hopefully) final change, need to test on a demo server before merging. |
|
Fixed the |
|
r+! |
Bug 791681 - Insecure transition from HTTP to HTTPS in form post
5 participants
No description provided.