As a security precaution, we have turned on the setting "Require API key authentication for API requests" for everyone. If this has broken something, please contact bugzilla-admin@mozilla.org
Last Comment Bug 337897 - Feeds served over HTTPS act insecure (no SSL indicators)
: Feeds served over HTTPS act insecure (no SSL indicators)
Status: RESOLVED WONTFIX
:
Product: Firefox
Classification: Client Software
Component: RSS Discovery and Preview (show other bugs)
: Trunk
: All All
: P3 normal with 6 votes (vote)
: ---
Assigned To: Nobody; OK to take it and work on it
:
: Marco Bonardo [::mak]
Mentors:
https://bugzilla.mozilla.org/buglist....
: 498376 530153 660139 681601 1140192 1171023 1206905 1214251 (view as bug list)
Depends on: 482245
Blocks: lockicon
  Show dependency treegraph
 
Reported: 2006-05-14 00:10 PDT by Phil Ringnalda (:philor)
Modified: 2016-11-01 13:35 PDT (History)
26 users (show)
mbeltzner: blocking‑firefox3-
reed: wanted‑firefox3+
bugs: blocking‑firefox2-
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments

Description User image Phil Ringnalda (:philor) 2006-05-14 00:10:02 PDT
STR:

1. For extra fun, set security.warn_leaving_secure to true
2. Go to https://bugzilla.mozilla.org/buglist.cgi?bug_id=333751
3. Click the "RSS" link at the bottom of the list.
4. Get a warning that you are leaving a secure page for an insecure one, and when the feed at https://bugzilla.mozilla.org/buglist.cgi?bug_id=333751&ctype=rss loads note that the addressbar background is white, and that there's no lock icon.
Comment 1 User image Ben Goodger (use ben at mozilla dot org for email) 2006-06-12 16:58:31 PDT
The reason for this is:

- the original content loads over https (secure)
- the preview page is loaded from a jar channel (insecure)

nsSecureBrowserUIImpl inspects the current channel for securityInfo and uses that to update the browser UI. 

In this "nested" channel situation we have no way of knowing what the securityInfo of the original channel is. 

This will potentially require significant API changes. Since this is lesser priority (worst case is user getting freaked out that content isn't secure when it actually is - anyway https: is still shown in location bar if coloration and lock icon isn't), I'm going to mark this not blocking. 
Comment 2 User image Florian Quèze [:florian] [:flo] 2006-08-03 06:31:51 PDT
related with bug 232944?
Comment 3 User image Honza Bambas (:mayhemer) 2009-03-13 11:05:54 PDT
(In reply to comment #2)
> related with bug 232944?

I would more say no, but might be. At least, I don't believe fixing that bug will be sufficient to fix this one.
Comment 4 User image Honza Bambas (:mayhemer) 2009-03-13 11:20:55 PDT
Seems more like fixing bug 482245 will help here because we change location of the page to file://.../subscribe.xhtml.
Comment 5 User image Honza Bambas (:mayhemer) 2009-06-24 10:34:47 PDT
*** Bug 498376 has been marked as a duplicate of this bug. ***
Comment 6 User image Phil Ringnalda (:philor) 2009-11-20 12:22:03 PST
*** Bug 530153 has been marked as a duplicate of this bug. ***
Comment 7 User image Reed Loden [:reed] (use needinfo?) 2009-11-20 12:31:58 PST
I promise I searched for this, but I used SSL and not HTTPS in my search. :(
Comment 8 User image (mostly gone) XtC4UaLL [:xtc4uall] 2011-05-27 09:04:01 PDT
*** Bug 660139 has been marked as a duplicate of this bug. ***
Comment 9 User image (mostly gone) XtC4UaLL [:xtc4uall] 2011-08-24 16:29:51 PDT
*** Bug 681601 has been marked as a duplicate of this bug. ***
Comment 10 User image Mike Conley (:mconley) - PTO on Jan 20th 2013-03-11 08:31:03 PDT
The feed reader component has been mostly demoted in recent versions of Firefox, and we're unlikely to extend or expand on it. The bug mentioned here sounds relatively minor, and unique to the feed reader component, so I'm marking WONTFIX.
Comment 11 User image Phil Ringnalda (:philor) 2015-03-05 17:02:51 PST
*** Bug 1140192 has been marked as a duplicate of this bug. ***
Comment 12 User image Gingerbread Man 2015-06-03 08:01:11 PDT
*** Bug 1171023 has been marked as a duplicate of this bug. ***
Comment 13 User image Gingerbread Man 2015-09-21 20:50:55 PDT
*** Bug 1206905 has been marked as a duplicate of this bug. ***
Comment 14 User image Phil Ringnalda (:philor) 2015-10-13 09:24:05 PDT
*** Bug 1214251 has been marked as a duplicate of this bug. ***
Comment 15 User image Type 1 Joe 2016-06-13 00:33:02 PDT
Appears to be fixed as of Firefox 47.

I'm Running Firefox 47 on OpenBSD-current amd64, getting the correct padlock indicator when viewing RSS feeds over TLS.
Comment 16 User image Brian Raker 2016-11-01 13:35:56 PDT
FF49.0.2 Mac still shows this error.  Have had to explain to customers that the issue is with Firefox, not services provided by my employ.

Note You need to log in before you can comment on or make changes to this bug.