263765 - Receive "partially insecure content" warning on Bugzilla because of http shortcut icon

Status: RESOLVED FIXED

(bugzilla.mozilla.org :: General, enhancement)

Description

[Peter Kovář]

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; sk-SK; rv:1.8a5) Gecko/20041010
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; sk-SK; rv:1.8a5) Gecko/20041010

Mozilla icon http://mozilla.org/images/mozilla-16.png is probably causing that
lock icon indicator shows "insecure" page.


Reproducible: Always
Steps to Reproduce:

Actual Results:  



Expected Results:  
Would it be possible to use https:// instead of http:// for icon as well?

Comment 1

[Joel Peshkin]

*** Bug 263766 has been marked as a duplicate of this bug. ***

Comment 2

[Dave Miller [:justdave]]

*** Bug 263766 has been marked as a duplicate of this bug. ***

Comment 3

[Dave Miller [:justdave]]

Peter: what web page are you seeing this on?  You did not mention anywhere what
page is including this icon.

Comment 4

[Daniel Wang]

I believe he's talking about b.m.o

Comment 5

[Peter Kovář]

Attachment: Snapshot of Bugzilla "insecure" page

This page is taken from Mozilla displaying page
https://bugzilla.mozilla.org/show_bug.cgi?id=263765

However this icon shows "secure" page when I hit the reload button. What can be
wrong?

about:buildconfig

Build platform
target
i686-pc-linux-gnu

Build tools
Compiler	Version 	Compiler flags
ccache gcc-3.4.3-20041101	gcc version 3.4.3 20041101 (prerelease)        
-Wall -W -Wno-unused -Wpointer-arith -Wcast-align -Wno-long-long -pedantic
-march=i686 -mtune=pentium3 -msse -mfpmath=sse -mmmx -O2 -pipe -fforce-addr
-fomit-frame-pointer -funroll-loops -frerun-cse-after-loop -frerun-loop-opt
-falign-functions=4 -maccumulate-outgoing-args -fprefetch-loop-arrays -pthread
-pipe
ccache c++-3.4.3-20041101	gcc version 3.4.3 20041101 (prerelease)        
-fno-rtti -fno-exceptions -Wall -Wconversion -Wpointer-arith -Wcast-align
-Woverloaded-virtual -Wsynth -Wno-ctor-dtor-privacy -Wno-non-virtual-dtor
-Wno-long-long -pedantic -march=i686 -mtune=pentium3 -msse -mfpmath=sse -mmmx
-O2 -pipe -fforce-addr -fomit-frame-pointer -funroll-loops
-frerun-cse-after-loop -frerun-loop-opt -falign-functions=4
-maccumulate-outgoing-args -fprefetch-loop-arrays -fshort-wchar -pthread -pipe
-I/usr/X.org/include

Configure arguments
--prefix=/usr --enable-calendar --enable-md --enable-ldap --enable-svg
--enable-svg-renderer-cairo --enable-xft --enable-optimize=-O2
--with-system-jpeg --with-system-zlib --with-system-png --with-system-mng
--enable-xterm-updates --enable-xinerama --enable-ctl --enable-jsd --enable-oji
--enable-crypto --enable-default-toolkit=gtk2 --enable-xtf
--with-extensions=all --enable-xpctools --enable-reorder --enable-logging
--enable-timeline

Comment 6

[Dave Miller [:justdave]]

OK, fixed.  Grabbed a copy of the icon off of www.mozilla.org and put it on
bugzilla.mozilla.org, and changed the URL to be a relative reference to it
(which should inherit the https).

Comment 7

[Peter Kovář]

Although this bug is already RESOLVED & FIXED, here is some additional info.

I've realized that following settings affects behaviour described earlier.

Preferences -> Debug -> Networking -> Enable Disk Cache

about:config
browser.cache.disk_cache_ssl true

But there might be flaw in logic. When disk cache is enabled for SSL, first time
I see alert about mixed secure and insecure content and icon indicator shows
"insecure" page. However after page reload, there's no alert and page is
indicated as secure.

Is this intended or problem is between monitor and chair?