https-only mode gets stuck at warning screen with first-party isolation in Firefox 79+
Categories
(Core :: DOM: Security, defect, P3)
Tracking
()
People
(Reporter: nortti, Unassigned)
References
(Blocks 2 open bugs)
Details
(Whiteboard: [domsecurity-backlog1])
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:81.0) Gecko/20100101 Firefox/81.0
Steps to reproduce:
I set both dom.security.https_only_mode and privacy.firstparty.isolate to true in about:config (if I set privacy.firstparty.isolate back to false, the bug does not trigger). I then tried to load a http-only page (e.g. http://www.scp-wiki.net/), clicking "Take the Risk and Continue" on the warning screen
Actual results:
I got redirected back to the same screen, no matter how many times I click the button
Expected results:
The page should have loaded over HTTP
Comment 1•4 years ago
|
||
Bugbug thinks this bug should belong to this component, but please revert this change in case of error.
Comment 2•4 years ago
|
||
It seems there might be a problem with the Principal and corresponding Origin Attributes checks, which might be a bigger problem and not only affecting HOM and FPI. We should investigate this one.
Comment 3•4 years ago
•
|
||
Thank you for reporting this issue! Duplicate of bug 1647829
Description
•