Closed
Bug 1348793
Opened 7 years ago
Closed 7 years ago
Wrong insecure connection indicator on frameset/iframe
Categories
(Core :: Security, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1334760
People
(Reporter: patrizio.gagliardi, Unassigned)
Details
Attachments
(1 file)
213.81 KB,
image/jpeg
|
Details |
User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 Build ID: 20170302120751 Steps to reproduce: In a web application we forced HTTPS connection in login pages and in the change password page but this one is inside a frameset where the frameset page can be loaded without an SSL connection. The change password page is loaded only via https and posts to a page that accepts connections only via https. Actual results: The version 52 of Firefox marks as unsecure the data written inside the change password page, although this is loaded via SSL. This doesn't happen if the entire frameset is loaded via SSL. Expected results: I expected that the browser didn't mark the data insertion as insecure, because both the form page and the form target are loaded via SSL. The attached image shows the issue (all logos and infos are removed for privacy issues).
Login form served in iframe through SSL on unsecure (HTTP) website is unsafe, see bug 1334760.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•