Cannot view source of http-only page (in private browsing mode)
Categories
(Core :: DOM: Security, defect, P3)
Tracking
()
People
(Reporter: hhfz, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: [domsecurity-backlog1])
Attachments
(1 file)
46.25 KB,
image/png
|
Details |
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Steps to reproduce:
Go to an http page that does not have an https equivalent, an example would be my own website (http://wheelbit.net). Try to view the source (via Tools -> Browser Tools -> Page Source, or Ctrl+U). I am using Firefox 92 (64-bit) on Windows 7.
Actual results:
I got an error page. Title is "Problem loading page". Address bar shows "view-source:https://wheelbit.net/". Screen shows "Unable to connect", and "Firefox can’t establish a connection to the server at .", and other text. This is in Firefox 92, and also noticed in Firefox 91.0.2.
Expected results:
The screen should show the source of the indicated http page. And the address bar should show the correct http URL (not a non-existent https URL). And if an error message is to be displayed for any reason, it should include the hostname after "the server at" rather than leaving it blank. View source on http pages worked correctly for many years, prior to Firefox 91 (not sure of the last correctly-working version).
Comment 1•3 years ago
|
||
The Bugbug bot thinks this bug should belong to the 'Firefox::Address Bar' component, and is moving the bug to that component. Please revert this change in case you think the bot is wrong.
Comment 2•3 years ago
|
||
Not here. Whatever does that, it is not Firefox itself but probably some add-on or extension or or. Please try safe mode, please try a new profile, etc.
Reporter | ||
Comment 3•3 years ago
|
||
OK, I restarted Firefox in safe mode (troubleshoot mode), also logged out of my Firefox profile (and selected to delete history on the logout dialog). Also rebooted Windows into safe mode with networking, and ran a full scan with Eset Online Scanner, no malware found. Also went into Firefox Settings and cleared all site data and history, and restarted Firefox, still in troubleshoot mode with no logged-in profile. Results were same as reported above. Then I looked into about:config. There is a setting (dom.security.https_first_pbm), it was set to its default value, which is "true". I set it to "false". This solved the problem (i.e., I got the "expected results" as noted above). Setting it back to the default value ("true") causes the problem to reappear. Although I now have a solution, I still think it's a bug that the problem occurs while using the default setting, and, to the best of my knowledge, this always worked correctly prior to Firefox 91 or so, without requiring a config modification. Aside from using my personal website as a test case, you can also use "http://abevigoda.com" which fails in a different way (different error message). Also, I still think it's a bug that Firefox displays an error page saying "the server at" with no hostname (as mentioned in my original report).
Reporter | ||
Comment 4•3 years ago
|
||
In addition: please note that in all of the above (reports of current and past experiences), I had "Always use private browsing mode" selected in Firefox Settings, because that's what I always use. It seems that the reported problem appeared for that mode only, as of Firefox 91 or so.
Reporter | ||
Updated•3 years ago
|
Comment 5•3 years ago
|
||
Reproduced the issue on all the latest Firefox versions on MacOS 10.15. As the reporter mentioned, the "Always use private mode" setting needs to be enabled for this to be reproucible.
Comment 6•3 years ago
|
||
The severity field is not set for this bug.
:johannh, could you have a look please?
For more information, please visit auto_nag documentation.
Updated•3 years ago
|
Comment 7•3 years ago
|
||
Probably this issue need to be marked as related (or duplicate?) of bug 1729807
Updated•3 years ago
|
Updated•2 years ago
|
Description
•