Closed Bug 133455 Opened 23 years ago Closed 23 years ago

https->http: password dlg before security warning.

Categories

(Core :: DOM: Navigation, defect)

Product:
Core
Component:
DOM: Navigation
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 62178

People

(Reporter: mozilla-bugs, Assigned: adamlock)

Details

reproducible: have not tried yet. 1) Go to some https page 2) Go to password-protected http url Expected: security warning pops up before anything interesting happens. Actual: password dialog is shown first, only afterwards Mozilla warns me that the password was just transmitted in the clear... BuildId 2002032109 on RedHat Linux 7.2
->Networking
Component: Security: General → Networking: HTTP
Let's try that again...
Assignee: mstoltz → darin
QA Contact: bsharma → tever
interesting bug... it probably means that whoever is issuing those warnings isn't doing it until HTTP sends out an OnStartRequest.... seems like they should do it once a non-HTTPS URL is requested. i'm not sure who owns that dialog... -> docshell (perhaps?)
Assignee: darin → adamlock
Component: Networking: HTTP → Embedding: Docshell
QA Contact: tever → adamlock
In Netscape 4 the warning dlg used to appear before the insecure page starts loading. In Mozilla it seems that it only appears when the insecure page finishes loading.
Keywords: 4xp
cc'ing some security folks... they'd know where these dialogs hook in and would probably want to own this bug.
We need to fix 62178, and this issue will then be fixed, too. Allowing people to cancel the request also means, that the future warning will fire up early enough in the process, to guarantee that the warning will be shown before any data gets transferred. The current behaviour of the security warnings is doing it very late. It reacts on page load progress events, which are sent out after the transfer has started. *** This bug has been marked as a duplicate of 62178 ***
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.