Closed Bug 1319757 Opened 8 years ago Closed 8 years ago

XHR requests to localhost create mixed active content warnings

Categories

(Core :: DOM: Security, defect)

Product:
Core
Component:
DOM: Security
Version:
49 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 903966

People

(Reporter: mattlloydhouse, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0 Build ID: 20161025170400 Steps to reproduce: I wrote a simple server that, say, listens for a POST on http://localhost:19028 and echoes an empty HTTP 200 back at the client if its request is valid. (In my instance, a single boolean is returned, but that is unimportant for the purposes of this question.) Then, I set up a JavaScript program that would send an XMLHTTPRequest to that port, and would presumably get the response. Note that this program is pasted into the browser console on an HTTPS site (for DOM access). Actual results: Due to the website running HTTPS and my server only running HTTP, Firefox did not allow the request due to its blocking insecure mixed active content. Expected results: Due to my inability to find a solution to this issue, I eventually was forced to disable mixed active content blocking in my browser's about:config. However, I believe that requests to localhost shouldn't be considered unsafe, as they never leave the originating system; such a drastic measure as enabling all unsafe content shouldn't be necessary.
Is it not possible to enable SSL for localhost? I think it's possible with Apache.
Component: Untriaged → DOM: Security
Product: Firefox → Core
Blocks: MixedContentBlocker
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.