Closed Bug 168629 Opened 23 years ago Closed 19 years ago

Mozilla incorrectly prompts about submitting to an insecure location from a secure one with base href="https://..."

Categories

(Core Graveyard :: Security: UI, defect)

Product:
Core Graveyard
Component:
Security: UI
Version:
1.0 Branch
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: sgifford, Assigned: KaiE)

References

(
URL
)

Details

(Keywords: fixed1.8.1, Whiteboard: [kerh-coz])

Attachments

(3 files, 1 obsolete file)

Demo
168 bytes, text/html
Details
Patch v1 b
1.69 KB, patch
rrelyea
: review+
KaiE
: superreview+
KaiE
: approval-branch-1.8.1-
Details | Diff | Splinter Review
Patch for 1.8 branch
1.70 KB, patch
KaiE
: superreview+
KaiE
: approval-branch-1.8.1+
Details | Diff | Splinter Review
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2a) Gecko/20020910 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2a) Gecko/20020910 When visiting: http://redhat.rsc03.net/servlet/website/ResponseForm?koE7iHJoL8kHgKzNkOLRzLimVTTV and submitting the form, Mozilla warns me that: "Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party. Are you sure you want to continue sending this information?" It's clear from the URL, and the Page Info and padlock icon agree, that the page I'm looking at isn't a secure page. Reproducible: Always Steps to Reproduce: 1. Visit: http://redhat.rsc03.net/servlet/website/ResponseForm?koE7iHJoL8kHgKzNkOLRzLimVTTV 2. Scroll to bottom of page and hit Submit 3. Actual Results: The dialog described above comes up. Expected Results: Normal page submission.
confirming; over to PSM.
Assignee: alexsavulov → ssaux
Severity: normal → major
Status: UNCONFIRMED → NEW
Component: Form Submission → Client Library
Ever confirmed: true
Product: Browser → PSM
QA Contact: vladimire → junruh
Version: other → 2.4
Evangelism. The same behavior occurs with Nav. 4.7X. It looks like the top line - <base href="https://www.redhat.com"> needs to synch up with some lines further down - <form method="POST" action="http://redhat.rsc03.net/servlet/campaignrespondent">
Assignee: ssaux → aruner
Component: Client Library → US Ecommerce
OS: Linux → All
Product: PSM → Tech Evangelism
QA Contact: junruh → bclary
Version: 2.4 → unspecified
Although the combination of <base href="https:..."> and <form action="http:..."> is certainly bizarre, I don't think it's illegal, and the error message displayed by Mozilla is factually incorrect. We loaded a standard HTTP page, and submitted data to a standard HTTP page. The <base href="..."> shouldn't enter into things at all. I don't mind evangelizing RedHat, but I still think this is a bug in Mozilla. I'll move it back into the PSM component in a few days, unless somebody comes up with a good reason why this behavior is correct.
Summary: Mozilla incorrectly prompts about submitting to an insecure location from a secure one → rsc03.net - Mozilla incorrectly prompts about submitting to an insecure location from a secure one
See comment #3.
Component: US Ecommerce → Client Library
Product: Tech Evangelism → PSM
Target Milestone: --- → 1.4
Version: unspecified → 2.3
Attached file Demo
Original Web site no longer exists, but unfortunately the bug still does. I've created a small test case and attached it.
URL: http://redhat.rsc03.net/servlet/websi...
Summary: rsc03.net - Mozilla incorrectly prompts about submitting to an insecure location from a secure one → Mozilla incorrectly prompts about submitting to an insecure location from a secure one with base href="https://..."
Bug is still present in FireBird 20030703.
reassign former PSM engineers' bugs to nobody@mozilla.org
Assignee: aruner → nobody
QA Contact: bob → nobody
Target Milestone: 1.4 → ---
Product: PSM → Core
new testcase at URL (as bugzilla meanwhile uses https to display its content)
URL: http://kuix.de/misc/test168629/
Whiteboard: [kerh-coz]
*** Bug 328295 has been marked as a duplicate of this bug. ***
So... Kai, you have blame for this. Why is this using the baseURI of the document? Shouldn't this use the documentURI or better yet the URI of the document's principal? Using the baseURI here is bogus, imo.
Flags: blocking1.9a1+
We correctly warn that information will be submitted to an insecure destination, so I don't see this bug as critical. > So... Kai, you have blame for this. Why is this using the baseURI of the > document? I don't know, I didn't write it, I probably just moved this code to a new file, if cvs blames me. But I'm ok to work on it. > Using the baseURI here is bogus, imo. I agree. > Shouldn't this use the documentURI I confirm changing formURL = document->GetBaseURI(); to formURL = document->GetDocumentURI(); fixes the bug. > or better yet the URI of the document's principal? Instead of the above, I also tried nsIPrincipal *principal = formNode->GetNodePrincipal(); principal->GetURI(formURL); and confirm it fixes the bug, too. However, documentation says, the principal for a node might be null, "in that case the caller should assume that all same-origin checks against this node fail and that this node has no permissions to do anything." What should we do if the principal is null? Cancel submit? (which might break sites?) Or fall back to document URI?
Flags: blocking1.7.13?
The only way for a node to have a null principal is if the document it was in has already gone away or if there was an out-of-memory error creating a principal object. So cancelling the submit is the way to go, in my opinion. On trunk we're going to change things so a node's principal is never null, fwiw. Also, system principals have no URI; that might need to be accounted for.
> Also, system principals have no URI; that might need to be accounted for. What does that mean in the context of this bug?
That formURL would be null (if the form post is happening in a chrome document). No idea what you want the behavior to be in that case.
> The only way for a node to have a null principal is if the document it was in > has already gone away or if there was an out-of-memory error creating a > principal object. So cancelling the submit is the way to go, in my opinion. If that's the only cases, I agree. > System principals have no URI if the form post is happening in a chrome > document. No idea what you want the behavior to be in that case. I think we should not change current behaviour in that case, and fall back to the document URI.
Attached patch Patch v1 (obsolete) — Splinter Review
Assignee: nobody → kengert
Status: NEW → ASSIGNED
Attachment #213476 - Flags: superreview?
Attachment #213476 - Flags: superreview? → superreview?(bzbarsky)
Comment on attachment 213476 [details] [diff] [review] Patch v1 Move the "||" up to the previous line, and sr=bzbarsky
Attachment #213476 - Flags: superreview?(bzbarsky) → superreview+
Attached patch Patch v1 bSplinter Review
Addressing review request, moving forward sr=bzbarsky Bob, could you please do the peer review?
Attachment #213476 - Attachment is obsolete: true
Attachment #213482 - Flags: superreview+
Attachment #213482 - Flags: review?(rrelyea)
Comment on attachment 213482 [details] [diff] [review] Patch v1 b r=relyea code implements the recommendation discussed in the bug.
Attachment #213482 - Flags: review?(rrelyea) → review+
Attachment #213482 - Flags: approval-branch-1.8.1+
Comment on attachment 213482 [details] [diff] [review] Patch v1 b There is no nsIContent::GetNodePrincipal on MOZILLA_1_8_BRANCH, we need a different patch if we want to have a fix on that branch, too
Attachment #213482 - Flags: approval-branch-1.8.1+ → approval-branch-1.8.1-
For the trunk patch we used nsIPrincipal *principal = formNode->GetNodePrincipal(); For 1.8 branch, can we use this? nsIPrincipal *principal = document->GetPrincipal(); (marking fixed on trunk)
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
> For 1.8 branch, can we use this? > nsIPrincipal *principal = document->GetPrincipal(); Can and should. ;)
The only difference between the trunk patch and this one is the line that Boris approved in comment 23, therefore I'm marking it as sr=bzbarsky Approving for 1.8 branch.
Attachment #213691 - Flags: superreview+
Attachment #213691 - Flags: approval-branch-1.8.1+
checked in to 1.8 branch
Keywords: fixed1.8.1
Too late for a non-critical bug in 1.7.13, will consider for the next release. Does this not affect Firefox as well?
Flags: blocking1.9a1+
Flags: blocking1.7.14?
Flags: blocking1.7.13?
Flags: blocking-aviary1.0.9?
(In reply to comment #26) > Does this not affect Firefox as well? This does affect Firefox.
Version: psm2.3 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: