Bug 337897 - Feeds served over HTTPS act insecure (no SSL indicators)
Status: RESOLVED WONTFIX
Product: Firefox
Classification: Client Software
Component: RSS Discovery and Preview
Version: Trunk
Platform: All All
Importance: P3 normal with 6 votes
Assigned To: Nobody; OK to take it and work on it
https://bugzilla.mozilla.org/buglist....
Duplicates: 498376 530153 660139 681601 1140192 1171023 1206905 1214251
Depends on: 482245
Blocks: lockicon
Reported: 2006-05-14 00:10 PDT by Phil Ringnalda (:philor)
Modified: 2016-06-13 00:33 PDT
CC List: 25 users
mbeltzner: blocking‑firefox3-
reed: wanted‑firefox3+
bugs: blocking‑firefox2-

Description Phil Ringnalda (:philor) 2006-05-14 00:10:02 PDT
STR:

1. For extra fun, set security.warn_leaving_secure to true
2. Go to https://bugzilla.mozilla.org/buglist.cgi?bug_id=333751
3. Click the "RSS" link at the bottom of the list.
4. Get a warning that you are leaving a secure page for an insecure one, and when the feed at https://bugzilla.mozilla.org/buglist.cgi?bug_id=333751&ctype=rss loads, note that the address bar background is white, and that there's no lock icon.
Comment 1 Ben Goodger (use ben at mozilla dot org for email) 2006-06-12 16:58:31 PDT
The reason for this is:

- the original content loads over https (secure)
- the preview page is loaded from a jar channel (insecure)

nsSecureBrowserUIImpl inspects the current channel for securityInfo and uses that to update the browser UI. 

In this "nested" channel situation we have no way of knowing what the securityInfo of the original channel is. 

This will potentially require significant API changes. Since this is a lesser priority (worst case is user getting freaked out that content isn't secure when it actually is - anyway https: is still shown in location bar if coloration and lock icon aren't), I'm going to mark this not blocking.
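
A simplified model of the nested-channel situation described in comment 1, added here as an illustration and not Firefox code. The function names, the `originalChannel` link and the wrapper-scheme list are hypothetical, and the sample channels are constructed. It contrasts reading the indicator from the displayed channel alone with resolving it through the wrapper to the channel that fetched the feed, failing closed when that origin is unknown.

```javascript
// Simplified model, not Firefox code. A channel is a plain object:
//   { scheme, securityInfo, originalChannel }
// securityInfo is null when the channel has no TLS connection of its own.
// originalChannel is a hypothetical link from a wrapper to the channel
// whose content it renders.

// Behaviour described in comment 1: only the current channel is inspected.
function stateFromCurrentChannel(channel) {
  return channel.securityInfo ? "secure" : "insecure";
}

// Assumption: these schemes serve the local preview page, not remote content.
const LOCAL_WRAPPER_SCHEMES = new Set(["jar", "file"]);

// Hypothetical alternative: skip local wrappers and let the first channel
// that fetched remote content decide. Anything unknown fails closed.
function stateFromChannelChain(channel) {
  const seen = new Set();
  for (let c = channel; c; c = c.originalChannel) {
    if (seen.has(c)) return "insecure"; // cycle in the chain
    seen.add(c);
    if (!LOCAL_WRAPPER_SCHEMES.has(c.scheme)) {
      return c.securityInfo ? "secure" : "insecure";
    }
  }
  return "insecure"; // wrapper with no known origin
}

// Constructed sample channels.
const httpsFeed = { scheme: "https", securityInfo: { protocol: "TLS" }, originalChannel: null };
const httpFeed = { scheme: "http", securityInfo: null, originalChannel: null };
const previewOfHttps = { scheme: "jar", securityInfo: null, originalChannel: httpsFeed };
const previewOfHttp = { scheme: "jar", securityInfo: null, originalChannel: httpFeed };
const orphanPreview = { scheme: "jar", securityInfo: null, originalChannel: null };

for (const [name, ch] of Object.entries({ previewOfHttps, previewOfHttp, orphanPreview })) {
  console.log(name, stateFromCurrentChannel(ch), stateFromChannelChain(ch));
}
```
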
Comment 2 Florian Quèze [:florian] [:flo] 2006-08-03 06:31:51 PDT
related with bug 232944?
Comment 3 Honza Bambas (:mayhemer) 2009-03-13 11:05:54 PDT
(In reply to comment #2)
> related with bug 232944?

I would rather say no, but it might be. At least, I don't believe fixing that bug will be sufficient to fix this one.
Comment 4 Honza Bambas (:mayhemer) 2009-03-13 11:20:55 PDT
It seems more likely that fixing bug 482245 will help here, because we change the location of the page to file://.../subscribe.xhtml.
Comment 5 Honza Bambas (:mayhemer) 2009-06-24 10:34:47 PDT
*** Bug 498376 has been marked as a duplicate of this bug. ***
Comment 6 Phil Ringnalda (:philor) 2009-11-20 12:22:03 PST
*** Bug 530153 has been marked as a duplicate of this bug. ***
Comment 7 Reed Loden [:reed] (use needinfo?) 2009-11-20 12:31:58 PST
I promise I searched for this, but I used SSL and not HTTPS in my search. :(
Comment 8 (mostly gone) XtC4UaLL [:xtc4uall] 2011-05-27 09:04:01 PDT
*** Bug 660139 has been marked as a duplicate of this bug. ***
Comment 9 (mostly gone) XtC4UaLL [:xtc4uall] 2011-08-24 16:29:51 PDT
*** Bug 681601 has been marked as a duplicate of this bug. ***
Comment 10 Mike Conley (:mconley) - (needinfo me!) 2013-03-11 08:31:03 PDT
The feed reader component has been mostly demoted in recent versions of Firefox, and we're unlikely to extend or expand on it. The bug mentioned here sounds relatively minor, and unique to the feed reader component, so I'm marking WONTFIX.
Comment 11 Phil Ringnalda (:philor) 2015-03-05 17:02:51 PST
*** Bug 1140192 has been marked as a duplicate of this bug. ***
Comment 12 Gingerbread Man 2015-06-03 08:01:11 PDT
*** Bug 1171023 has been marked as a duplicate of this bug. ***
Comment 13 Gingerbread Man 2015-09-21 20:50:55 PDT
*** Bug 1206905 has been marked as a duplicate of this bug. ***
Comment 14 Phil Ringnalda (:philor) 2015-10-13 09:24:05 PDT
*** Bug 1214251 has been marked as a duplicate of this bug. ***
Comment 15 Type 1 Joe 2016-06-13 00:33:02 PDT
Appears to be fixed as of Firefox 47.

I'm running Firefox 47 on OpenBSD-current amd64, getting the correct padlock indicator when viewing RSS feeds over TLS.
