Closed Bug 1652335 Opened 5 years ago Closed 5 years ago

Mixed content does not work

Categories

(Core :: DOM: Security, defect)

Product:
Core
Component:
DOM: Security
Version:
78 Branch
Platform:
x86_64
Windows 10
Type:
defect

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: kees.borst44, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0

Steps to reproduce:

I have an iFrame on a page with a HTTPS link. With Firerox version 77 no problem. The content with apparently mixed and possibly not secure content is displayed. With FF version 78.0.2 it is no longer displayed. When I change in the iFrame HTTPS to HTTP I get the same problem. When I use this HTTP URL in a new tab in the address line, so not via an iframe on a page of the website, the information is displayed. I see a lock with a red line meaning not secure but it works. When I use the HTTPS URL in a new tab in the address line I don't get a result. The lock has an orange triangle which means when i click on the lock "Connection not secured".
The website page containing the iframe with the HTTPS URL is https://www.airportchaplaincy.nl/nl/anbi. The iFrame inside this web page with the the HTTPS link is <iframe style="width:550px;height:350px" src="https://online.anyflip.com/budx/uexj/index.html" width="550px" height="350px" frameborder="0" scrolling="no" seamless="seamless" allowfullscreen="true"></iframe>.

The URLs I used without HTTPS or with HTTP in the address bar is https://online.anyflip.com/budx/uexj/mobile/index.html or http://online.anyflip.com/budx/uexj/mobile/index.html

Actual results:

The display of a document with anyflip.com support is not shown any more.
When I use Chrome, Edge or IE the document is displayed on the website page.
With Firefox 68.10.1 on Android 10 it works also as intended.

Expected results:

The result of the code in the iFrame should show a document, an annual report as PDF, which I can read and page through. The website is operational and I'm disparately waiting for a solution.

OS: Unspecified → Windows 10
Hardware: Unspecified → x86_64

Bugbug thinks this bug should belong to this component, but please revert this change in case of error.

Component: Untriaged → DOM: Security
Product: Firefox → Core

JC, maybe you can help us out, because I don't think it's a mixed content blocker issue.

STRs Part1:

  • Visit https://www.airportchaplaincy.nl/nl/anbi
  • The iframe of src="https://online.anyflip.com/budx/uexj/index.html" is not displayed
  • Iframe is displayed in other browsers (e.g. Chrome) but not in Firefox - no mixed content warning in the console.

STRs Part2:

  • Visit the iframe src as top-level directly: https://online.anyflip.com/budx/uexj/mobile/index.html
  • Open the Network tab an see error messages like:
    https://static.anyflip.com/resourceFiles/html5_templates/js/jquery-1.9.1.min.js failed with error An error occurred:: SSL_ERROR_UNSUPPORTED_VERSION.
Flags: needinfo?(jjones)

Any idea what the problem is or is there already a solution? Thanks for your appreciated support.

Kind regards,
Cees Borst

I agree from the description it sounds like a server configuration mismatch, but I can't reproduce with 78, 79 or 80.

static.anyflip.com is negotiating TLS 1.3 using TLS_AES_128_GCM_SHA256 and curve 25519.

Is it possible that in the days since this was posted that the server changed something? Can you try again?

Flags: needinfo?(jjones)

High J.C.

It seems to work now. I still don't understand what is changed and made it working again. But when I reported this problem it didn/t work with FF and it did with the other browsers. Thanks for paying attention to this problem.

Kind regards,
Cees Borst

(In reply to Cees Borst from comment #5)

It seems to work now.

Great - marking this as INVALID.

Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.