Closed Bug 1399354 Opened 8 years ago Closed 8 years ago

WebSockets SecurityError The operation is insecure regression

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Version:
56 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: ram, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 Steps to reproduce: Reference https://github.com/novnc/noVNC/issues/894#issuecomment-329060642 for how to reproduce. Essentially, the popular noVNC and websockify software is broken on current Firefox. I have confirmed this in Firefox Versions 55.0.3 (current stable) and the current aurora version 56.0b11. Firefox 54.0 does not have any problem, neither does Seamonkey 2.48 or Chrome or IE11 or Edge etc. Actual results: With current noVNC and websockify Firefox 55 and 56 both currently have a regression which causes noVNC to fail to establish a websocket. The Firefox console errors with "Failed when connecting: Error while connecting (SecurityError: The operation is insecure.)" Setting network.websocket.allowInsecureFromHTTPS to true in about:config restores the expected behavior. I believe this is a bug because opening an HTTP websocket from an HTTP webpage on the same hostname and port should not be triggering this security exception. No HTTPS is involved at all at any stage of the request. Expected results: noVNC should have connected to the websocket normally.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → INVALID
This seems to be related to how firefox handles redirections from an https to http context. In that sense this could be described as expected behavior. Closing as invalid.
You need to log in before you can comment on or make changes to this bug.