URL bar doesn't seem to update when a http navigation is upgraded to https due to HSTS

Bug #1306615 reported by Chris Coulson
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Oxide
Invalid
Undecided
Unassigned
webbrowser-app
Fix Released
Medium
Olivier Tilloy
webbrowser-app (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

I ran webbrowser-app on the desktop, and did the following:

1) From the startpage, I typed "http://www.twitter.com/" in the URL bar
2) Twitter loads, and the URL bar updates to "https://twitter.com/" because Twitter uses HSTS and Oxide ships with Twitter hardcoded in the transport security list.
3) I retype "http://www.twitter.com/" in the URL bar whilst already viewing Twitter.
4) The page reloads, but the URL bar doesn't seem to update correctly this time (it displays "http://twitter.com").

I'm not sure yet if this is an Oxide bug or webbrowser-app bug - I didn't see any non-SSL traffic to Twitter in Wireshark when doing the second navigation

Related branches

Revision history for this message
Olivier Tilloy (osomon) wrote :

Looks like the issue is in webbrowser-app indeed. I’ve instrumented the WebView to monitor changes to the 'url' property, and it’s correctly updated to https, whereas the address bar isn’t updated.

Changed in webbrowser-app:
assignee: nobody → Olivier Tilloy (osomon)
status: New → Confirmed
Changed in oxide:
status: New → Invalid
Olivier Tilloy (osomon)
Changed in webbrowser-app:
status: Confirmed → In Progress
importance: Undecided → Medium
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package webbrowser-app - 0.23+14.10.20140505.1-0ubuntu1

---------------
webbrowser-app (0.23+14.10.20140505.1-0ubuntu1) utopic; urgency=low

  [ Michael Sheldon ]
  * Resolve image URLs beginning with a double slash correctly for
    context menu items (LP: #1311626)

  [ Adnane Belmadiaf ]
  * Enabled passwordEchoEnabled (LP: #1314251)

  [ Alberto Mardegan ]
  * Split UbuntuWebContext into two different components:
    UbuntuWebContext, which is a WebContext derivative with the UA
    overrides for Ubuntu. UbuntuSharedWebContext, which is a singleton
    for UbuntuWebContext .

  [ Olivier Tilloy ]
  * Build the models in a separate static lib, and link the unit tests
    against it. This speeds up build time by avoiding having to
    recompile the models’ source for each unit test.
  * Handle javascript console messages.
  * Escape literal dots in UA override matching regular expressions.
  * Enable localStorage by default in the browser. (LP: #1309673)
  * Ensure that the URL actually changes so that the address bar is
    updated in case the user has entered a new address that redirects to
    where she previously was. (LP: #1306615)
  * Update bzr ignore rules.
 -- Ubuntu daily release <email address hidden> Mon, 05 May 2014 20:47:19 +0000

Changed in webbrowser-app (Ubuntu):
status: New → Fix Released
Olivier Tilloy (osomon)
Changed in webbrowser-app:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.