Open
Bug 1184337
Opened 9 years ago
Updated 2 years ago
Investigate if ImageLib cache causes wrong scheme in console message in mixed content blocker
Categories
(Core :: DOM: Security, defect)
Core
DOM: Security
Tracking
()
NEW
People
(Reporter: ckerschb, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: [domsecurity-backlog])
No description provided.
Reporter | ||
Comment 1•9 years ago
|
||
After investigating Bug 1183563, where we incorrectly log a message to the console when the CSP directive upgrade-insecure-requests is used. I am pretty sure we have the same problem for imgLib cache for HSTS. Steps to investigate: * Go to a page that uses HSTS and loads an image over http * Refresh the page so the image is loaded from the cache * Investigate if the browser console message displays *http* or *https*. If the console message shows something like: > Loading insecure mixed content: *https* it might confuse users because the load is actually secure but still displays a warning.
Reporter | ||
Updated•8 years ago
|
Whiteboard: [domsecurity-backlog]
Reporter | ||
Updated•8 years ago
|
Blocks: MixedContentBlocker
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•