Closed Bug 286791 Opened 20 years ago Closed 19 years ago

favicons loaded over https:// that redirect to http:// result in mixed security warning

Categories

(Core Graveyard :: Security: UI, defect)

Product:
Core Graveyard
Component:
Security: UI
Type:
defect
Priority:
Not set
Severity:
minor

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: darin.moz, Assigned: KaiE)

Details

favicons loaded over https:// that redirect to http:// result in mixed security
warning.

i think we might do better not to follow such redirects when loading favicons.
Why? there's nothing illegal about redirects. If we don't follow them we are
broken. This is clearly a bug, the favicon security should have nothing to do
with the security of the page.

Do you have a real example? The one in the URL field appears bogus. Are you
talking about the default https://foo.com/favicon.ico or a <link rel="icon"> in
the page header? Do they behave the same?
URL: https://somesite.com/
https://kuix.de/misc/test286791/
uses link rel to http, secure lock icon shown

https://kuix.de/misc/test286791/index2.php
uses a redirect on http level, secure lock icon shown
(although it confuses me that opening https://kuix.de/misc/test286791/i2.php opens a download prompt)

Sorry, I can't reproduce, worksforme.
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → WORKSFORME
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.