Closed
Bug 562010
Opened 14 years ago
Closed 13 years ago
FireFox generates "connection partially encrypted" warning for pages that contain secure content from multiple domains
Categories
(Firefox :: Security, defect)
Tracking
()
VERIFIED
WORKSFORME
People
(Reporter: schwarzenneger, Unassigned)
Details
Attachments
(2 files)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 All pages on my website use Google AJAX API. When the page is viewed on http connection, the API is loaded from http://www.google.com/jsapi?key= When the page is viewed on https connection, the API is loaded from https://www.google.com/jsapi?key= User sessions normally start from http pages and at some point they are sent to https page for login and/or credit card entry. First time such a page is opened, the page behaves as some of the content is insecure. The indications include: * The favicon not turning blue * An exclamation icon over the padlock icon * Right click > View Page Info shows "Connection Partially Encrypted" message * Refreshing the same page fixes the problem. Google AJAX API is used on various websites and it is probable that two websites might be using same set of files. In such case, above behavior can be observed when user clicks a link on http://domain.com/regular.html to https://another-domain.com/secure.html; the secure.html page will appear as partially encrypted. Reproducible: Always Steps to Reproduce: Need a webserver that is https capable. See attached html files. Where to place the files and how to reproduce the error is documented in the files. (a) I believe it has something to do with "caching"... Google AJAX APIs send aggressive caching instructions to the browser and may be the browser tries to use http cached version of the file on https pages. (b) The problem looks very specific but eventually it wont be that way as gurus are recommending to switch to Google CDN servers for dispatching JavaScript libraries.
This file should be placed on a webserver and viewed over http connection. Before uploading, edit the two links in the file to point to your test https servers.
This file should be placed on a webserver and viewed over https connection. In relation to the previous file, this file can be placed on a webserver with same domain as the previous file to test case #1 or on a webserver with another domain name to test case #2.
Attachment #441785 -
Attachment description: This file should be placed on a webserver and viewed over http connection. Before uploading, edit the two links in the file to point to your test https servers. → This file should be placed on a webserver and viewed over http connection.
Comment 5•14 years ago
|
||
Reporter -> Are you still experiencing this issue? Can you reproduce in safe mode and a new profile? Do you have a live site you can point to that exhibits this problem?
Comment 6•13 years ago
|
||
Salman -> Do you have a live site you can point to that exhibits this problem?
Sorry, I am unable to reproduce the error with FireFox version: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 You're welcome to close the bug.
Updated•13 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•