Closed
Bug 358436
Opened 19 years ago
Closed 18 years ago
signed script example doesn't work (must be loaded from https, but check that the location is http:)
Categories
(www.mozilla.org :: General, defect)
www.mozilla.org
General
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: asqueella, Assigned: reed)
References
()
Details
http://www.mozilla.org/projects/security/components/signed-script-example.html links to this example: jar:http://www.mozilla.org/projects/security/components/signed-script-demo.jar!/signed-script-demo.html
The link doesn't work (the jar is simply isn't loaded) because it's signed jar over HTTP. I have no idea if it's intended, but bz said it probably is.
I tried loading jar:https://www.mozilla.org/projects/security/components/signed-script-demo.jar!/signed-script-demo.html then, which did load, but didn't show any alerts. This happened because the window.location check in the script only checks for jar:http:// versions of URLs, and not their HTTPS counterparts.
Jesse, you're listed as the maintainer of http://www.mozilla.org/projects/security/components/signed-scripts.html so maybe you'll have time to fix the example (which requires creating and signing a new JAR as far as I understand).
|
||
Comment 1•18 years ago
|
||
This problem is caused by Bug 172279.
You may see the http: example page after making "network.http.accept-encoding" empty and clearing the cache.
|
||
Comment 2•18 years ago
|
||
Er... so why is the server sending content-encoding here at all? That's wrong! is that a mozilla.org issue or a default server issue of some kind?
|
|
||
Comment 3•18 years ago
|
||
Note <http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/netwerk/protocol/http/src/nsHttpChannel.cpp&rev=1.316#863>. Is that what's happening here too?
|
|
||
Comment 4•18 years ago
|
||
(In reply to comment #3)
> Is that what's happening here too?
Maybe no.
Though I don't know mozilla.org's server settings, it seems to gzip text files (I've checked on text/html, text/css). www.mozilla.org returns the JAR file with following responses.
Content-Type: text/plain
Content-Encoding: gzip
This problem may be avoided if you change the server setting to return MIME type "application/java-archive" for JAR files. I don't know this is the default setting on Apache.
For reference, you can access the file within XPI files (application/x-xpinstall) on www.mozilla.org.
jar:http://www.mozilla.org/projects/xpinstall/signed/testcases/signed.xpi!/smrtupdt.txt
|
|
||
Comment 5•18 years ago
|
||
> Content-Type: text/plain
Oh, so it's just a buggy server. OK, then. We should start by fixing that, and this is the bug for it.
|
Assignee | |
Updated•18 years ago
|
Assignee: nobody → reed
OS: Windows XP → All
Hardware: PC → All
|
|
Assignee | |
Comment 6•18 years ago
|
||
Added |AddType .jar application/java-archive|.
Checking in .htaccess;
/www/mozilla-org/html/projects/security/components/.htaccess,v <-- .htaccess
new revision: 1.2; previous revision: 1.1
done
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
|
|
||
Comment 7•18 years ago
|
||
(In reply to comment #6)
> Added |AddType .jar application/java-archive|.
Thanks for update, but not working.
It should be |AddType application/java-archive .jar|.
|
Reporter | |
Comment 8•18 years ago
|
||
Reopening. It doesn't work and comment 7 has an idea why.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
|
|
Assignee | |
Comment 9•18 years ago
|
||
Thanks. Fixed.
Checking in .htaccess;
/www/mozilla-org/html/projects/security/components/.htaccess,v <-- .htaccess
new revision: 1.3; previous revision: 1.2
done
Status: REOPENED → RESOLVED
Closed: 18 years ago → 18 years ago
Resolution: --- → FIXED
|
||
Updated•17 years ago
|
Product: mozilla.org → Websites
|
|
||
Updated•13 years ago
|
Component: www.mozilla.org → General
Product: Websites → www.mozilla.org
You need to log in
before you can comment on or make changes to this bug.
Description
•