Closed Bug 1123969 Opened 10 years ago Closed 5 years ago

The about:certerror page for a view-source:https://[whatever] URL is missing the domain name.

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 941354

People

(Reporter: dholbert, Unassigned)

References

Details

Attachments

(2 files)

screenshot
85.55 KB, image/png
Details
screenshot *without* "view-source:" in URL, for comparison
84.83 KB, image/png
Details
STR: 1. Visit any of these URLs (including the "view-source:" prefix): view-source:https://tv.eurosport.com view-source:https://builddata.pub.build.mozilla.org/ view-source:https://whitehouse.gov/ (It's important that these URLs are for misconfigured servers which use an invalid cert, and hence take you to a certerror page.) 2. Inspect the certerror page that you arrive at. ACTUAL RESULTS: The page says: > You have asked Nightly to connect securely to , > but we can't confirm that your connection is secure. Note the blank space and comma, where a domain-name should be. EXPECTED RESULTS: The domain name should be included in the message (as it is if you strip out the "view-source:" prefix). (I just hit this in the wild, when clicking a link to some source in my error console, which pointed to a source file that happened to be hosted on a misconfigured server. So the "source view" popup window showed this bogus about:certerror page with no domain name.)
Attached image screenshot
As shown in the screenshot, the domain *is present* in the "Technical Details" area (which is closed by default), but it's missing from the first paragraph of the page.
I'm using Nightly 38.0a1 (2015-01-20) Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0
Yeah, this will be because the view-source URL itself doesn't have a host. We would need to specialcase it and ask the nested URI for a host.
This is reproducible in newer versions (incl 51.0.1) that have the updated Insecure Connection page UI, albeit the wording on the page is different. view-source:https://builddata.pub.build.mozilla.org/ "The owner of has configured their website improperly." Expected: "The owner of builddata.pub.build.mozilla.org has configured their website improperly."

This doesn't seem to work at all anymore - no page loads at all (tested with view-source:https://expired.badssl.com/ ), in both nightly and 76. :-(

Wonder if this is to do with the fission-related actor refactor or document channels. Johann, can you take a look? I don't mind too much about view-source, but I'm worried what else we're missing in this way.

Component: General → Security
Flags: needinfo?(jhofmann)
Flags: in-testsuite?
OS: Linux → All
Hardware: x86_64 → All

We noticed the same thing on bug 941354. I haven't investigated yet.

view-source: for a cert error is completely broken, as bug 941354 says. So maybe we can just dupe this one?

Flags: needinfo?(jhofmann)

Some more details in https://bugzilla.mozilla.org/show_bug.cgi?id=941354#c38 but it's all generally really weird.

Depends on: 1631782

(In reply to Johann Hofmann [:johannh] from comment #8)

view-source: for a cert error is completely broken, as bug 941354 says. So maybe we can just dupe this one?

Sure, that's fine with me.

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: