Open Bug 1184337 Opened 9 years ago Updated 2 years ago

Investigate if ImageLib cache causes wrong scheme in console message in mixed content blocker

Categories

(Core :: DOM: Security, defect)

People

(Reporter: ckerschb, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-backlog])

After investigating Bug 1183563, where we incorrectly log a message to the console when the CSP directive upgrade-insecure-requests is used, I am pretty sure we have the same problem for imgLib cache for HSTS.

Steps to investigate:
* Go to a page that uses HSTS and loads an image over http
* Refresh the page so the image is loaded from the cache
* Investigate if the browser console message displays *http* or *https*.

If the console message shows something like:
> Loading insecure mixed content: *https*
it might confuse users because the load is actually secure but still displays a warning.
Blocks: 1082837
Whiteboard: [domsecurity-backlog]
See Also: → 1201767
Severity: normal → S3