Network monitor shows unavailable HTTPS sites as insecure
Categories
(DevTools :: Netmonitor, defect, P3)
Tracking
(Not tracked)
People
(Reporter: ehsan.akhgari, Unassigned)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
82.50 KB,
image/png
|
Details |
STR:
- Open the network monitor and try to connect to an HTTPS server that's unavailable, for example https://example.com.
The network monitor shows "example.com" as insecure. See the screenshot.
Comment 1•4 years ago
|
||
Thanks for the report, I can reproduce it on my machine.
When debugging the STR I am seeing that this line:
const secinfo = this.httpActivity.channel.securityInfo;
https://searchfox.org/mozilla-central/rev/6bceafe72cad5d5752667b4b6bd595d3a4047ca3/devtools/server/actors/network-monitor/network-response-listener.js#326
... is returning null
@Michal, do you have more details or is there anyone else I could ask?
Honza
Comment 2•4 years ago
|
||
If the server is not responding the security info isn't available. That makes sense. In such case server is IMO neither insecure nor secure. I'm not sure what should be displayed.
Comment 3•4 years ago
|
||
@Harald, should we introduce a new security-icon?
Honza
Comment 4•4 years ago
|
||
Seems to make sense to mark the requests as failed (similar to CORS). This is also in line with what Chrome is doing (labeling it (failed)
)
Updated•2 years ago
|
Description
•