All users were logged out of Bugzilla on October 13th, 2018

WebSockets SecurityError The operation is insecure regression

RESOLVED INVALID

Status

()

RESOLVED INVALID
a year ago
a year ago

People

(Reporter: ram, Unassigned)

Tracking

56 Branch
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

a year ago
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36

Steps to reproduce:

Reference https://github.com/novnc/noVNC/issues/894#issuecomment-329060642 for how to reproduce. Essentially, the popular noVNC and websockify software is broken on current Firefox.

I have confirmed this in Firefox Versions 55.0.3 (current stable) and the current aurora version 56.0b11. Firefox 54.0 does not have any problem, neither does Seamonkey 2.48 or Chrome or IE11 or Edge etc.



Actual results:

With current noVNC and websockify Firefox 55 and 56 both currently have a regression which causes noVNC to fail to establish a websocket.

The Firefox console errors with "Failed when connecting: Error while connecting (SecurityError: The operation is insecure.)"

Setting network.websocket.allowInsecureFromHTTPS to true in about:config restores the expected behavior.

I believe this is a bug because opening an HTTP websocket from an HTTP webpage on the same hostname and port should not be triggering this security exception. No HTTPS is involved at all at any stage of the request.



Expected results:

noVNC should have connected to the websocket normally.
(Reporter)

Updated

a year ago
Status: UNCONFIRMED → RESOLVED
Last Resolved: a year ago
Resolution: --- → INVALID
(Reporter)

Comment 1

a year ago
This seems to be related to how firefox handles redirections from an https to http context. In that sense this could be described as expected behavior.

Closing as invalid.
You need to log in before you can comment on or make changes to this bug.