User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90 Safari/537.36 Steps to reproduce: Visit a site that redirects (302) from HTTPS to HTTP. Most sites with Steam login exhibit this behavior as a Steam OpenID contains no private information and so there's no need to secure it once authentication is complete. For example: http://www.valvesoftware.com/linuxsurvey.php?action=login (you may need to log in again once the cookie is set to reproduce it). A similar issue happens with https://slashdot.org/ which immediately redirects to https://slashdot.org/ though a different warning may be appropriate there (see https://bugzilla.mozilla.org/show_bug.cgi?id=952390). It is also more difficult to reproduce since FF reloads the page quickly after the mixed content warnings are displayed (due to the character encoding declaration not being present in the first 1024 bytes of the HTML). Actual results: Console shows "Mixed Content" warnings. Also happens in the nightly build with a new profile. Expected results: No "Mixed Content" warning should have been displayed. At no point in time is there any mixed content - there's secure content, and then there's a redirect, and then there's unsecure content. IE and Chrome do not present a warning in such circumstances.
Hello Ohad, Do you still encounter this bug on Firefox 42.0 or Nightly 46.0a1? Also if you can still replicate, can you provide me with more precise steps so I can attempt to replicate. Version 46.0a1 Build ID 20151215030221 User Agent Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:46.0) Gecko/20100101 Firefox/46.0 Thank you, Justin
Hi Justin, Yes, I still encounter it in Firefox 42. To reproduce: 1. Open the Dev tools (default F12) and switch to the "Console" tab 2. Browse to http://www.valvesoftware.com/linuxsurvey.php?action=login 3. Sign in through Steam (you can create an account for free if you don't have one) 4. Observe the mixed content warnings in the Dev Console Thanks, Ohad
Ohad, Thank you for the speedy reply! I can replicate this bug and will send it up to a developer. Thanks again, Justin
Status: UNCONFIRMED → NEW
Ever confirmed: true
Thanks Justin! I'll stay tuned :) Best, Ohad
Component: Untriaged → Networking
Product: Firefox → Core
Tanvi, is this on your radar?
No, just seeing this now. (In reply to Ohad Schneider from comment #0) > Actual results: > > Console shows "Mixed Content" warnings. Also happens in the nightly build > with a new profile. > Which part of the console shows the warnings? There are two types of console warnings. 1) The one's in the security pane that look something like: https://mdn.mozillademos.org/files/5261/blocked-mixed-content-errors.png with messages like: Blocked loading mixed active content "http://people.mozilla.com/~tvyas/cutepuppy.swf"[Learn More] mixedboth.html Blocked loading mixed active content "http://people.mozilla.com/~tvyas/frame.html"[Learn More] Loading mixed (insecure) display content "http://people.mozilla.org/~tvyas/FigureB.jpg" on a secure page[Learn More] mixedboth.html Loading mixed (insecure) display content "http://people.mozilla.org/~tvyas/FigureC.jpg" on a secure page[Learn More] mixedboth.html 2) Or the one's in the Net pane that look something like: https://mdn.mozillademos.org/files/3794/mixed_content_webconsole.jpg with messages like: GET http://people.mozilla.org/~tvyas/FigureA.jpg [Mixed Content] [HTTP/1.1 200 OK 89ms] If #2, I think this has to do with a bug in the webconsole where the url that is used for mixed content comparisons doesn't match the url in the address bar. I will see if there is already a bug open on that.
If #2, this might be a duplicate of https://bugzilla.mozilla.org/show_bug.cgi?id=1105470.
Thanks for looking into this Tanvi, it's indeed #2.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1105470
You need to log in before you can comment on or make changes to this bug.