Automatic proxy (pac) configuration cannot be downloaded if HTTPS-Only mode is enabled and the file is on a http site
Categories
(Core :: DOM: Security, defect)
Tracking
()
People
(Reporter: patrick.zanon, Unassigned, NeedInfo)
References
(Blocks 1 open bug)
Details
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
Steps to reproduce:
- added the auto configuration of proxy on the operating system (debian linux) pointing to http://some.site/proxy.pac
- in Firefox the proxy configuration has been enabled to get settings from system
- in Firefox the HTTPS-Only mode has been enabled
- in Firefox the HTTPS-Only the exception for http://some.site/proxy.pac has been added
Actual results:
In the browser console we can see:
HTTPS-Only Mode: Aggiornamento della richiesta non sicura da “http://some.site/proxy.pac” a “https”.
HTTPS-Only Mode: Aggiornamento non riuscito per la richiesta non sicura “http://some.site/proxy.pac”. (M6-C13)
and the configuration is not loaded.
Expected results:
We should see:
PAC file installed from “http://some.site/proxy.pac”
and the browser should regularly load data from proxy or directly according to the configuration.
|
||
Comment 1•2 years ago
|
||
The Bugbug bot thinks this bug should belong to the 'Core::DOM: Security' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.
|
||
Comment 2•2 years ago
|
||
You appear to be reporting this from a Firefox 91 build. Could you try a newer one? I believe this was fixed in Firefox 92 in bug 1722202. That bug says WPAD but the patched spot looks like it would handle PAC files, too -- the nsPACMan.cpp file certainly does and I don't see any other places it creates network loads in there.
You don't need to track down an old Firefox 92 build, you could try Firefox ESR-102 which is out now. Let us know if that fixes the problem or if we have to dig deeper.
|
|
||
Updated•2 years ago
|
|
|
||
Updated•2 years ago
|
Description
•