Closed Bug 1208567 Opened 10 years ago Closed 9 years ago

SVG doesn't work consistently. A site has https policy setup. If I open the page via https -- svg works. If I click link to same svg using http, it doesnt

Categories

(Core :: SVG, defect)

Product:
Core
Component:
SVG
Version:
40 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1247733

People

(Reporter: working.good, Unassigned, NeedInfo)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0 Build ID: 20150807085045 Steps to reproduce: Here is a demo link: https://www.doyourmath.com/t.html . It works if you open the link. Inside it has link to same page but with http://. The https policy of the site forces FF to redirect http:// link to https://. Actual results: After this -- SVG masks dont work, and nothing helps, even F5. Though the page and link is the same as first one. Expected results: SVGs should be rendered the same, because the page is the same.
I mean if you click a link inside https://www.doyourmath.com/t.html , SVG is not rendered correctly anymore (though the page is exactly the same as originally). I suspect that somehow during redirect from http:// to https:// "svg-rendering-engine" gets messed up.
Component: Untriaged → SVG
Product: Firefox → Core
We've been able to reproduce this problem on two sites, but we're actively trying to work around it, so I don't have a link to post right now. The bug is triggered by using SVG masks or the xlink:href="#anchor" style SVG embedding. To reproduce this, somewhat intermittently: 1. Build a page containing SVGs with one of these mask techniques. Al's test page above is a great isolated example. 2. Host the page on a server that forces redirects from HTTP to HTTPS 3. Clear your cache (and sometimes restart Firefox) 4. Visit the page by going to the insecure address (e.x. http://www.example.org) 5. You'll get redirected to https://www.example.org and masked SVGs won't load - Refreshing this tab of Firefox doesn't fix the rendering - Masks start working again if you follow an HTTPS link to another page of the site - Masks work if you return to the site later (Firefox cached the secure redirect at this point)
is this a regression i.e. did it work in some older version of firefox? If so findin a regression range would be most useful via http://mozilla.github.io/mozregression/
Flags: needinfo?(corey)
The bug is still there.
(In reply to Robert Longson from comment #3) > is this a regression i.e. did it work in some older version of firefox? If > so findin a regression range would be most useful via > http://mozilla.github.io/mozregression/ Duplicate https://bugzilla.mozilla.org/show_bug.cgi?id=845265 This issue has been from build 42.0 (introduction basic svg in firefox). Also broke in 43.0.3 and the newest beta 44.0b8
(In reply to Robert Longson from comment #3) > is this a regression i.e. did it work in some older version of firefox? If > so findin a regression range would be most useful via > http://mozilla.github.io/mozregression/ Found a workaround, the svg is working when I disable a response header: https://www.owasp.org/index.php/HTTP_Strict_Transport_Security Dont know if others also using this security header.
Al, did you change you website? I can't reproduce the issue with FF45.
Flags: needinfo?(working.good)
(In reply to theo from comment #6) > Found a workaround, the svg is working when I disable a response header: > https://www.owasp.org/index.php/HTTP_Strict_Transport_Security Given that (and given that Loic can't reproduce the issue in Firefox 45), I think this is a duplicate of bug 1247733, which has been fixed or worked around (via helper bug 1249452) back to Firefox 45.
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
(Please reopen if you can still reproduce in Firefox 45 or later.
Flags: needinfo?(corey)
You need to log in before you can comment on or make changes to this bug.