Open Bug 1717380 Opened 4 years ago Updated 4 years ago

Certain HTTPS links warn that secure connection is not available when HTTPS Only mode is enabled

Categories

(Core :: DOM: Security, defect, P3)

Product:
Core
Component:
DOM: Security
Version:
Firefox 89
Type:
defect

Tracking

()

People

(Reporter: eqtnbtn, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-backlog1])

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0

Steps to reproduce:

Click on the link posted in the video description of this video with HTTPS Only mode on: https://www.youtube.com/watch?v=Z_VMkTggEuk

Actual results:

The Secure connection not available page opened and I was given the option to continue to HTTP site, but the destination is HTTPS. If I click on the link again I do not get that warning unless I restart my browser and I get the warning again when I click the link.

Expected results:

The website in the link should open as normal without warning me of a non HTTPS site.

The Bugbug bot thinks this bug should belong to the 'Core::DOM: Security' component, and is moving the bug to that component. Please revert this change in case you think the bot is wrong.

Component: Untriaged → DOM: Security
Product: Firefox → Core

Hi,

I wasn't able to reproduce this issue on Firefox 89.0.1 or Firefox Nightly 91.0a1

Could you check if this also occurs to you in safe mode? Here is a link that can help you with that:
https://support.mozilla.org/en-US/kb/troubleshoot-extensions-themes-to-fix-problems#w_start-firefox-in-troubleshoot-mode

If the issue persists, try refreshing Firefox (this will restore Firefox to its default state) and check again.
https://support.mozilla.org/en-US/kb/refresh-firefox-reset-add-ons-and-settings

Thanks!

Flags: needinfo?(eqtnbtn)

The issue does persist even on a fresh profile with the only customization being enabling HTTPS only mode in all windows.

Flags: needinfo?(eqtnbtn)
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: Certain HTTPS links warn that secure connection is not available Certain HTTPS links warn that secure connection is not available when HTTPS Only mode is enabled → Certain HTTPS links warn that secure connection is not available when HTTPS Only mode is enabled

I can reproduce this the first time, but it seems to be because the link actually redirected from youtube's redirector to http://open.spotify.com/album/4Bb9Lw03MwOjFGwjBJmcr5?si=Hz_VxSloSauTib8wFIaxyg&nd=1 (note http:) first. Wouldn't this be a problem on spotify's redirector, or the link someone pasted into the youtube channel?

I don't see that happenening when I allow the page to go through, and now I can't reproduce the original problem. Maybe restarting Firefox will clear some state and allow this to be reproduced?

Blocks: https-only-mode
Severity: -- → S4
Priority: -- → P3
Whiteboard: [domsecurity-backlog1]
You need to log in before you can comment on or make changes to this bug.