Closed Bug 375463 Opened 17 years ago Closed 16 years ago

submitting discussion redirects to page that wants to download itself

Categories

(addons.mozilla.org Graveyard :: Public Pages, defect)

Product:
addons.mozilla.org Graveyard
Component:
Public Pages
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: myk, Unassigned)

References

Details

When I submitted a discussion for the Console Squared extension, my browser informed me that the web site had redirected my submission to a different page and asked me whether I wanted to submit the same data to the new page.

I clicked OK, and then my browser prompted me to download a .php file (sorry, I don't remember which one right now).  I declined, then I checked to see if my discussion had been added, and it had:

https://addons.mozilla.org/en-US/firefox/discussions/comments.php?DiscussionID=60

So the discussion submission was successful, but it entailed two unexpected behaviors--a prompt to redirect data submission and a prompt to download a PHP file--that didn't make sense and to which users of the site should not be exposed.
Update: I've submitted another discussion, and this time I not only got the two prompts mentioned in comment 0, I also got a third one (before the first two) telling me that the information I was submitting was going to be transferred over an unencrypted channel.

And the PHP file I am prompted to download is comments.php.

FWIW, the URL of the "add discussion" page on which I'm submitting the form is:

https://addons.mozilla.org/en-US/firefox/discussions/post.php?AddOnID=1815

Just noticed the redirection as well. The form action is HTTP not HTTPS:

<form id="frmPostComment" method="post" action="http://addons.mozilla.org/en-US/firefox/discussions/post.php">

which is redirected.
The redirect-submission problem is because the discussions code isn't using our magic https/http detection code for the proxy setup, so it doesn't know that we're "really" https even though the web server is seeing http requests.
There are several bugs about this.  It is not a good idea to be bouncing between SSL and non-SSL.  Mike Shaver in comment #3 has explained what is needed to be done.

Is there a reason why this isn't getting done?

Ciao!
Severity: normal → major
OS: Linux → All
Discussions are frozen in 3.2.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.