Open Bug 1424038 Opened 8 years ago Updated 3 years ago

Developer tools tries to load mixed content font gauge_mono

Categories

(DevTools :: Inspector, defect, P3)

Product:
DevTools
Component:
Inspector
Version:
58 Branch
Type:
defect

Tracking

(Not tracked)

People

(Reporter: cherrador, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0 Build ID: 20171204150510 Steps to reproduce: Load a secure (HTTPS) site. Open the Developer Tools. Actual results: The Console will have right away this error: Blocked loading mixed active content “http://b.cdnst.net/fonts/gauge_mono.woff2” [Learn More] inspector.js:391:4 Sometimes it interferes while reloading of page on HTTP2 sites while the developer tools is open. Some objects do not complete loading. Expected results: The font should be downloaded from a secure site, omit the "http:" to allow to decide what kind of content is being debugged or pack the font with the distributions.
Maybe this comes from your add-ons? I did not see it in Firefox 58 and https://dxr.mozilla.org/.
Flags: needinfo?(cherrador)
I think you are right. I disabled the only plugin that is installed (Adobe Acrobat). Clear the cache and sessions, restart the browser and now the error is gone. The error message is misleading as it says that is generated by inspector.js, which is a Firefox resource. However, now I re-enable the plugin and the error is not generated any more. I think the original root of the problem is not an issue anymore, but the annoying part that make me create this bug in first place is because is catching the correct source of the error. I will keep trying to reproduce the error. But if you consider that is not relevant, you could close the bug. Thanks,
Flags: needinfo?(cherrador)
Maybe the developers have more thinking.
Component: Untriaged → Developer Tools: Inspector
Damn it.... I meant "because is NOT catching the correct source of the error."
OK, I was (kinda) able to reproduce it again. Now I know that the font file is being requested by the site https://beta.speedtest.net/ they have been doing a lot changes lately, sometimes loads that font, sometimes it uses SVGs. Also at the moment is not even using secure site. Anyways, I was able at some point load the site with https, and it also tried to load the font from a http URL. So I got the error on the developer tools console. I'm opening the developer tools on a detach window. I left the tab open, then I browsed other sites (on different tabs) doing some side research. So far, this is normal behavior. Now the abnormal part. Then I opened and new tab with a site from my localhost. Pressed F12, a new Developer Tools detached window opened and right away the console has the same error message of the speedtest console, however the source of the error is now "inspector.js". At this point anything I try to make the error go away does not help, and it start showing on any new console that I open. It goes away until I completely close and reopen the browsers. What you think? tabs leak? memory leak? My biggest problem is that I cannot consistently reproduce it for two reasons, first the site that start the problem keeps changing, second, it needs some extra browsing after the initial error, not sure how much. Maybe the title of the bug needs to be changed as it looks like the problem is about error messages of one tab are crossing to other ones.
I can reproduce the issue easily (though not at will, more interaction than the below simple recipy is needed). Go to a website that load fonts via http: (e.g., http://keenthemes.com). Leave it open. Use Firefox to browse the web for some time. Open a new tab and visit a website that loads fonts securely (e.g., https://www.sgik.nl/). Click the grey circled-i icon next to the green padlock, notice the mixed content warning. In the developer console, notice that the developer console shows a warning about a font being loaded in a completely different tab (and that the fonts complained about aren't even used on the page with the warning). I'm using a ton of plugins (including Adblock Plus and Noscript). The issue only shows after using the browser for quite a while, just the recipy above is not enough to trigger it. Closing he offending tab and reloading the secure site is hit or miss: sometimes the message goed away, sometimes it doesn't. Caching appears to be involved. Verified today using Firefox 59.0 on Ubuntu 16.04LTS. I've got a screenshot of the erroneous message in the Developer Tools console but couldn't find a way to attach it, but here's the gist: Blocked loading mixed active content “http://keenthemes.com/wp-content/themes/supportdesk/supportdesk/plugins/simple-line-icons/fonts/Simple-Line-Icons.woff”[Learn More] www.sgik.nl Blocked loading mixed active content “http://fonts.gstatic.com/s/economica/v5/Qw3fZQZaHCLgIWa29ZBbNsIB.woff2”[Learn More] www.sgik.nl Neither font is being used on www.sgik.nl. Keenthemes.com is still open in another tab. The "www.sgik.nl" shown in the right column of the console log confirms that somehow, Firefox is very mistaken about the source of the offending fonts.
Awesome, I thought I was the only crazy mind seeing this. However your Gist links do not have the correct URL.
You can look at the screenshot here: https://snag.gy/YRzod6.jpg
Product: Firefox → DevTools
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P3
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.