https->http: password dlg before security warning.

RESOLVED DUPLICATE of bug 62178

Status

()

Core
Document Navigation
RESOLVED DUPLICATE of bug 62178
16 years ago
16 years ago

People

(Reporter: Aleksey Nogin, Assigned: Adam Lock)

Tracking

Trunk
x86
Linux
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

16 years ago
reproducible: have not tried yet.

1) Go to some https page
2) Go to password-protected http url

Expected: security warning pops up before anything interesting happens.
Actual: password dialog is shown first, only afterwards Mozilla warns me that
the password was just transmitted in the clear...

BuildId 2002032109 on RedHat Linux 7.2
->Networking
Component: Security: General → Networking: HTTP
Let's try that again...
Assignee: mstoltz → darin
QA Contact: bsharma → tever

Comment 3

16 years ago
interesting bug... it probably means that whoever is issuing those warnings
isn't doing it until HTTP sends out an OnStartRequest.... seems like they should
do it once a non-HTTPS URL is requested.

i'm not sure who owns that dialog...

-> docshell (perhaps?)
Assignee: darin → adamlock
Component: Networking: HTTP → Embedding: Docshell
QA Contact: tever → adamlock
(Reporter)

Comment 4

16 years ago
In Netscape 4 the warning dlg used to appear before the insecure page starts
loading. In Mozilla it seems that it only appears when the insecure page
finishes loading.
Keywords: 4xp

Comment 5

16 years ago
cc'ing some security folks... they'd know where these dialogs hook in and would
probably want to own this bug.

Comment 6

16 years ago
We need to fix 62178, and this issue will then be fixed, too.

Allowing people to cancel the request also means, that the future warning will
fire up early enough in the process, to guarantee that the warning will be shown
before any data gets transferred.

The current behaviour of the security warnings is doing it very late. It reacts
on page load progress events, which are sent out after the transfer has started.


*** This bug has been marked as a duplicate of 62178 ***
Status: NEW → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.