
Issue 892639

Starred by 2 users

Issue metadata

Status: Available
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux, Windows, Mac
Pri: 2
Type: Feature




Don't allow http(s) hosts to redirect to ftp://

Reported by darkudo...@gmail.com, Oct 5

Issue description

UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0

Example URL:
https://bit.ly/2Pev7qb

Steps to reproduce the problem:
1. Click on https://bit.ly/2Pev7qb

What is the expected behavior?
Safari blocks this and shows the attached error message. Only if I then click into the address bar and press Enter does it load the FTP page.

What went wrong?
We see ftp://terrax.net/index.html

Did this work before? N/A 

Chrome version: 71.0.3569.0  Channel: dev
OS Version: Debian Testing
Flash Version: 

This is a spin-off for https://bugs.chromium.org/p/chromium/issues/detail?id=892610#c2.
I also filed a bug at https://bugzilla.mozilla.org/show_bug.cgi?id=1496725.
 
Safari.png (1.2 MB)
Labels: Needs-Triage-M71
Components: -Internals>Network Internals>Network>FTP
Cc: swarnasree.mukkala@chromium.org
Labels: Needs-Feedback Triaged-ET
Tried testing the issue on the reported Chrome version #71.0.3569.0 and the latest Chrome #71.0.3573.0 on Ubuntu 17.10 by following the steps below.

Steps:
===== 
1. Launched Chrome.
2. Navigated to "https://bit.ly/2Pev7qb".
3. Observed that the site cannot be reached.

Attached screenshot for reference.
@reporter: Could you please review the attached screenshot and let us know if anything is being missed? If possible, please provide a screencast/screenshot of the issue so that it helps in triaging it further, and also confirm whether this is specific to Debian.
Thanks!
892639.png (123 KB)
This is a "feature" request to adopt Safari's behavior (better security UX). It's not a regression.
I don't see a DNS or network problem on our side.
Here is another example: https://bit.ly/2yoJVLp redirects to ftp://ftp.de.debian.org/debian/
Project Member

Comment 5 by sheriffbot@chromium.org, Oct 9

Labels: -Needs-Feedback
Thank you for providing more feedback. Adding the requester to the cc list.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 6 Deleted

Labels: -Type-Bug Target-72 M-72 FoundIn-71 FoundIn-70 FoundIn-72 OS-Mac OS-Windows Type-Feature
Status: Untriaged (was: Unconfirmed)
As per comment#4 the issue seems to be a feature request, hence marking it as untriaged and requesting someone from the dev team to look into the issue.

Thanks!
Components: Security
Cc: mea...@chromium.org
Status: Available (was: Untriaged)
Marking available, cc'ing meacer. Seems like a low priority thing that would be reasonable to do.
Cc: palmer@chromium.org nasko@chromium.org
+palmer and nasko who might have opinions about ftp :)

I believe the original report means redirects only, and not navigations. If so, this might be a reasonable thing to do.
Components: UI>Browser>Navigation

Comment 12 Deleted

Cc: mkwst@chromium.org
[mkwst]: FYI, since you've been leading the charge on removing some cases where FTP is supported.
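
The redirect-versus-navigation distinction raised in this thread, sketched as an added example that is not part of the issue or of Chromium's code. `checkRedirect` and `followChain` are hypothetical names, and the `.example` hosts are constructed.

```javascript
// Added illustration, not Chromium code. Hosts used with it are constructed.
// Policy from the request: a server-driven redirect from http(s) must not
// land on ftp; a URL the user enters directly is a fresh navigation.
const REDIRECT_SOURCES = new Set(['http:', 'https:']);
const BLOCKED_TARGETS = new Set(['ftp:']);

// Decide one hop. `location` is the raw Location header value. It is parsed
// with the WHATWG URL parser (resolved against the redirecting URL) instead
// of prefix-matched, so "FTP://", leading spaces and relative paths are
// judged on the scheme the browser would actually load.
function checkRedirect(fromUrl, location) {
  const from = new URL(fromUrl);
  let to;
  try {
    to = new URL(location, from);
  } catch (e) {
    return { allowed: false, reason: 'unparseable Location', target: null };
  }
  if (REDIRECT_SOURCES.has(from.protocol) && BLOCKED_TARGETS.has(to.protocol)) {
    return { allowed: false, reason: 'http(s) to ftp redirect', target: to.href };
  }
  return { allowed: true, reason: 'ok', target: to.href };
}

// Walk a chain of Location headers starting at startUrl. Returns the last
// URL that was allowed to load and the index of the blocked hop (-1 if none).
// An empty chain models a URL typed into the address bar: no redirect, no block.
function followChain(startUrl, locations, maxHops = 20) {
  let current = new URL(startUrl).href;
  for (let i = 0; i < locations.length; i++) {
    if (i >= maxHops) {
      return { finalUrl: current, blockedAt: i, reason: 'too many redirects' };
    }
    const verdict = checkRedirect(current, locations[i]);
    if (!verdict.allowed) {
      return { finalUrl: current, blockedAt: i, reason: verdict.reason };
    }
    current = verdict.target;
  }
  return { finalUrl: current, blockedAt: -1, reason: 'ok' };
}
```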
