Closed Bug 133455 Opened 22 years ago Closed 22 years ago

https->http: password dlg before security warning.

Categories

(Core :: DOM: Navigation, defect)

Product:
Core
Component:
DOM: Navigation
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 62178

People

(Reporter: mozilla-bugs, Assigned: adamlock)

Details

reproducible: have not tried yet.

1) Go to some https page
2) Go to password-protected http url

Expected: security warning pops up before anything interesting happens.
Actual: password dialog is shown first, only afterwards Mozilla warns me that
the password was just transmitted in the clear...

BuildId 2002032109 on RedHat Linux 7.2
->Networking
Component: Security: General → Networking: HTTP
Let's try that again...
Assignee: mstoltz → darin
QA Contact: bsharma → tever
interesting bug... it probably means that whoever is issuing those warnings
isn't doing it until HTTP sends out an OnStartRequest.... seems like they should
do it once a non-HTTPS URL is requested.

i'm not sure who owns that dialog...

-> docshell (perhaps?)
Assignee: darin → adamlock
Component: Networking: HTTP → Embedding: Docshell
QA Contact: tever → adamlock
In Netscape 4 the warning dlg used to appear before the insecure page starts
loading. In Mozilla it seems that it only appears when the insecure page
finishes loading.
Keywords: 4xp
cc'ing some security folks... they'd know where these dialogs hook in and would
probably want to own this bug.
We need to fix 62178, and this issue will then be fixed, too.

Allowing people to cancel the request also means, that the future warning will
fire up early enough in the process, to guarantee that the warning will be shown
before any data gets transferred.

The current behaviour of the security warnings is doing it very late. It reacts
on page load progress events, which are sent out after the transfer has started.


*** This bug has been marked as a duplicate of 62178 ***
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.