search

mozilla-mobile / android-components

⚠️ This project moved to a new repository. It is now developed and maintained at: https://github.com/mozilla-mobile/firefox-android
https://github.com/mozilla-mobile/firefox-android
Mozilla Public License 2.0
2.02k stars 473 forks source link

Don't show [Advanced..] button on HTTPS error when on ErrorType.ERROR_SECURITY_SSL #10588

Closed makotokato closed 3 years ago

makotokato commented 3 years ago

Original issue is https://github.com/mozilla-mobile/fenix/issues/18441.

Actually, components/browser/errorpages/src/main/java/mozilla/components/browser/errorpages/ErrorPages.kt shows [Advanced...] button on HTTPS error when error is ErrorType.ERROR_SECURITY_SSL or ErrorType.ERROR_SECURITY_BAD_CERT.

When error is ErrorType.ERROR_SECURITY_BAD_CERT, it is overridable. But ErrorType.ERROR_SECURITY_SSL isn't overridable. (See https://bugzilla.mozilla.org/show_bug.cgi?id=1696841#c11 and https://bugzilla.mozilla.org/show_bug.cgi?id=1696841#c12). So we shouldn't show [Adavaned..] button on ErrorType.ERROR_SECURITY_SSL.

┆Issue is synchronized with this Jira Task

makotokato commented 3 years ago

In https://badssl.com/, "revoke" and "pinning-test" is ErrorType.ERROR_SECURITY_SSL case. In Firefox Desktop this error doesn't show overridable button.