Closed Bug 1410070 Opened 8 years ago Closed 7 years ago

security.insecure_field_warning.ignore_local_ip_address not working

Categories

(Core :: Security, defect)

Product:
Core
Component:
Security
Version:
58 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: tgiovang, Unassigned)

References

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0 Build ID: 20171018220049 Steps to reproduce: Connect to some devices that has a login/password page on my local network (devices IP address are like 192.168.0.xxx) . Tested with Firefox nightly (v58.0a1 2017-10-18) and Firefox dev (57.0b2) both on ubuntu 14.04 Actual results: Firefox always prompt that this connection is insecure because https is not used. Expected results: As the flag in about:config security.insecure_field_warning.ignore_local_ip_address is set to true (it's the default), Firefox shouldn't have warned about the lack of https certificate for address like 192.168.0.xx. Setting security.insecure_field_warning.ignore_local_ip_address to false don't change the result.
Component: Untriaged → Security
Product: Firefox → Core
Do the pages in question have frames? If so, the issue is bug 1364080.
Flags: needinfo?(tgiovang)
No the page don't have any iframe. It's page of some IOT device I'm developing at work, and the web interface is my one of the part I'm responsible (so I'm sure they don't any iframe). Anyway I tested today, and the result is okay with firefox 63.0a1 and Firefox 61 ... maybe it's been fixed somewhere between v57 and v61. Or maybe I used an extension that caused this (I have very few extensions, and if I recall correctly I disabled all before filling this bug), and now I don't use this extension any more. So, We can probably close this bug ? Or should I test with Firefox ESR before (it's currently v60 and v52) ? ... will see if I can install both somewhere for the test).
Flags: needinfo?(tgiovang)
I redid the test with fresh install of firefox ESR v60 and v52; because this is the 2 versions available at www.mozilla.org/en-US/firefox/organizations/ (at the time of writing this) Only Firefox v52 has the problem : it show the insecure box below the login inputs for devices on local network (with IP like 192.168.0.xxx). Firefox v60 don't show it.
Thanks for following up. Bug 1337246 was only implemented in Firefox 55 so that makes sense.
Blocks: 1337246
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.