Firefox not initiating downloads on ThinkBroadband download page
Categories
(Core :: DOM: Security, defect, P2)
Tracking
()
Tracking | Status | |
---|---|---|
firefox-esr78 | --- | unaffected |
firefox78 | --- | unaffected |
firefox79 | --- | unaffected |
firefox80 | --- | disabled |
firefox81 | --- | fix-optional |
People
(Reporter: csasca, Assigned: sstreich)
References
(Regression)
Details
(Keywords: regression, Whiteboard: [domsecurity-active])
Attachments
(1 file)
1.42 MB,
application/octet-stream
|
Details |
Affected versions
- Firefox 80.0a1
Affected platforms
- Windows 10
- Ubuntu 20.04
- macOS 10.15.6
Steps to reproduce
- Launch Firefox
- Access thinkbroadband download page
- Click on any file to initiate a download
Expected result
- A prompt asking the user to save or open the file is shown
Actual result
- The page refreshes for half a second and nothing is happening
Regression range
- Will see for a regression
Additional notes
- The issue can be seen in the attachment
- This affects only Firefox 80.0a1, all the rest initiate downloads correctly
- Recommended Severity 2
- No errors are thrown in browser console
Reporter | ||
Updated•4 years ago
|
Updated•4 years ago
|
Comment 1•4 years ago
•
|
||
Sebastian could you please evaluate this problem? Is it something the website should fix on their side, and what may be the reach of this breakage across the Web?
Assignee | ||
Comment 2•4 years ago
|
||
Additional notes
- No errors are thrown in browser console
This seems to be off, there actually should be a console message stating why this is blocked. Assigning this to myself :)
Is it something the website should fix on their side
This is something the website should try to address in the future - As we want to block insecure downloads from secure origins.
Google is going to the same.
what may be the reach of this breakage across the Web?
Currently telemetry shows that we should expect 10% of the users downloads would be blocked. We could probably reduce the number by trying to auto upgrade to https.
Comment 3•4 years ago
|
||
This appears to be desired behavior vs. a regression.
Comment 4•4 years ago
|
||
mixed content blocking is currently tied to nightly.
Comment 5•4 years ago
|
||
moving to dom security, since it's not something downloads controls.
Updated•4 years ago
|
Updated•4 years ago
|
Updated•4 years ago
|
Updated•4 years ago
|
Description
•