Closed
Bug 1063390
Opened 10 years ago
Closed 3 years ago
MIxed content notification disappears from one of Mozilla test pages (http://goo.gl/1VKLbp ) .
Categories
(Firefox :: General, defect)
Tracking
()
RESOLVED
INCOMPLETE
People
(Reporter: VarCat, Unassigned)
References
Details
Environment:
FF 34
Build Id: 20140831030206
OS: Win 7 x64, Ubuntu 13.04 x64, Mac Os X 10.9.4
STR:
1. Go to https://people.mozilla.org/~mkelly/mixed_test.html
2. Disable protection from the mixed content notification.
3. Enable protection from the mixed content notification.
Issue:
The mixed content notification disappears.
Updated•10 years ago
|
Flags: qe-verify?
Flags: firefox-backlog+
Comment 1•10 years ago
|
||
Against current beta (33), if I click "Keep blocking" when the doorhanger first shows up, the icon also disappears immediately. Isn't this expected? (Philipp, please feel free to redirect this needinfo to whoever knows the UX design for this dialog)
Flags: needinfo?(philipp)
Reporter | ||
Comment 2•10 years ago
|
||
This issue is related with the new implementation of the mixed content shield notification that implementation did not reach FF 33.
Blocks: 1043803
Comment 3•10 years ago
|
||
It is expected in 33, but shouldn't happen in 34 (Aurora) anymore.
Updated•10 years ago
|
Flags: needinfo?(philipp)
Comment 4•10 years ago
|
||
It is odd that this problem shows up for this mixed content iframe test page:
https://people.mozilla.org/~mkelly/mixed_test.html
But not this one:
https://people.mozilla.org/~tvyas/mixediframe.html
Or on a mixed script page:
https://people.mozilla.com/~tvyas/mixedcontent.html
I am looking into the issue.
Comment 5•10 years ago
|
||
The issue with this testcase https://people.mozilla.org/~mkelly/mixed_test.html is that it is trying to iframe http://cs.fit.edu page that has x-frame-options: SAMEORIGIN set. Hence, the x-frame-options code is blocking the load. (Using the same test case with other urls doesn't present the problem described in this bug.)
Open the error console and load the test case. The first time around, the request to http://cs.fit.edu never goes out (it is blocked by Mixed Content Blocker) and hence we don't know the pages x-frame-options policy. Disable protection on the page and the webconsole will show that you are loading mixed content. After the Get request for cs.fit.edu, you see a JS error - "Load denied by X-Frame-Options: http://cs.fit.edu/ does not permit cross-origin framing." Then when you re-enable protection, there are no messages in the error console and the content doesn't load. Which code is blocking the load in this case? Mixed Content Blocker or X-Frame-Options? How come neither the the x-frame-options js error or the Mixed Content Blocker error show up?
I suspect that in this case the X-Frame-Options code is at play and not the Mixed Content Blocker. Here's why -
Open the console and go to https://people.mozilla.org/~tvyas/mixedcontent.html. You will see a message about blocked content. Refresh the page and you the message comes up again.
Now open the console and go to http://people.mozilla.org/~mkelly/mixed_test.html (this is the HTTP version of the testcase, so Mixed Content Blocker isn't in play). The console shows the x-frame-options js error. Refresh the page; the error no longer shows up.
Site no longer active
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → INCOMPLETE
You need to log in
before you can comment on or make changes to this bug.
Description
•