Closed Bug 1208567 Opened 9 years ago Closed 8 years ago

SVG doesn't work consistently. A site has https policy setup. If I open the page via https -- svg works. If I click link to same svg using http, it doesnt

Categories

(Core :: SVG, defect)

Product:
Core
Component:
SVG
Version:
40 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1247733

People

(Reporter: working.good, Unassigned, NeedInfo)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0
Build ID: 20150807085045

Steps to reproduce:

Here is a demo link: https://www.doyourmath.com/t.html .

It works if you open the link. Inside it has link to same page but with http://. The https policy of the site forces FF to redirect http:// link to https://. 


Actual results:

After this -- SVG masks dont work, and nothing helps, even F5. Though the page and link is the same as first one. 


Expected results:

SVGs should be rendered the same, because the page is the same.

I mean if you click a link inside https://www.doyourmath.com/t.html , SVG is not rendered correctly anymore (though the page is exactly the same as originally). 

I suspect that somehow during redirect from http:// to https:// "svg-rendering-engine" gets messed up.
Component: Untriaged → SVG
Product: Firefox → Core
We've been able to reproduce this problem on two sites, but we're actively trying to work around it, so I don't have a link to post right now.

The bug is triggered by using SVG masks or the xlink:href="#anchor" style SVG embedding.

To reproduce this, somewhat intermittently:

1. Build a page containing SVGs with one of these mask techniques. Al's test page above is a great isolated example.
2. Host the page on a server that forces redirects from HTTP to HTTPS
3. Clear your cache (and sometimes restart Firefox)
4. Visit the page by going to the insecure address (e.x. http://www.example.org)
5. You'll get redirected to https://www.example.org and masked SVGs won't load

- Refreshing this tab of Firefox doesn't fix the rendering
- Masks start working again if you follow an HTTPS link to another page of the site
- Masks work if you return to the site later (Firefox cached the secure redirect at this point)
is this a regression i.e. did it work in some older version of firefox? If so findin a regression range would be most useful via http://mozilla.github.io/mozregression/
Flags: needinfo?(corey)
The bug is still there.
(In reply to Robert Longson from comment #3)
> is this a regression i.e. did it work in some older version of firefox? If
> so findin a regression range would be most useful via
> http://mozilla.github.io/mozregression/

Duplicate https://bugzilla.mozilla.org/show_bug.cgi?id=845265
This issue has been from build 42.0 (introduction basic svg in firefox). Also broke in 43.0.3 and the newest beta 44.0b8
(In reply to Robert Longson from comment #3)
> is this a regression i.e. did it work in some older version of firefox? If
> so findin a regression range would be most useful via
> http://mozilla.github.io/mozregression/

Found a workaround, the svg is working when I disable a response header:
https://www.owasp.org/index.php/HTTP_Strict_Transport_Security

Dont know if others also using this security header.
Al, did you change you website? I can't reproduce the issue with FF45.
Flags: needinfo?(working.good)
(In reply to theo from comment #6)
> Found a workaround, the svg is working when I disable a response header:
> https://www.owasp.org/index.php/HTTP_Strict_Transport_Security

Given that (and given that Loic can't reproduce the issue in Firefox 45), I think this is a duplicate of bug 1247733, which has been fixed or worked around (via helper bug 1249452) back to Firefox 45.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
(Please reopen if you can still reproduce in Firefox 45 or later.
Flags: needinfo?(corey)
You need to log in before you can comment on or make changes to this bug.