When I submitted a discussion for the Console Squared extension, my browser informed me that the web site had redirected my submission to a different page and asked me whether I wanted to submit the same data to the new page. I clicked OK, and then my browser prompted me to download a .php file (sorry, I don't remember which one right now). I declined, then I checked to see if my discussion had been added, and it had: https://addons.mozilla.org/en-US/firefox/discussions/comments.php?DiscussionID=60 So the discussion submission was successful, but it entailed two unexpected behaviors--a prompt to redirect data submission and a prompt to download a PHP file--that didn't make sense and to which users of the site should not be exposed.
Update: I've submitted another discussion, and this time I not only got the two prompts mentioned in comment 0, I also got a third one (before the first two) telling me that the information I was submitting was going to be transferred over an unencrypted channel. And the PHP file I am prompted to download is comments.php. FWIW, the URL of the "add discussion" page on which I'm submitting the form is: https://addons.mozilla.org/en-US/firefox/discussions/post.php?AddOnID=1815
Just noticed the redirection as well. The form action is HTTP not HTTPS: <form id="frmPostComment" method="post" action="http://addons.mozilla.org/en-US/firefox/discussions/post.php"> which is redirected.
The redirect-submission problem is because the discussions code isn't using our magic https/http detection code for the proxy setup, so it doesn't know that we're "really" https even though the web server is seeing http requests.
There are several bugs about this. It is not a good idea to be bouncing between SSL and non-SSL. Mike Shaver in comment #3 has explained what is needed to be done. Is there a reason why this isn't getting done? Ciao!
Severity: normal → major
OS: Linux → All
Discussions are frozen in 3.2.
Status: NEW → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → FIXED
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.