submitting discussion redirects to page that wants to download itself

RESOLVED FIXED

Status

--
major
RESOLVED FIXED
12 years ago
3 years ago

People

(Reporter: myk, Unassigned)

Tracking

Details

(Reporter)

Description

12 years ago
When I submitted a discussion for the Console Squared extension, my browser informed me that the web site had redirected my submission to a different page and asked me whether I wanted to submit the same data to the new page.

I clicked OK, and then my browser prompted me to download a .php file (sorry, I don't remember which one right now).  I declined, then I checked to see if my discussion had been added, and it had:

https://addons.mozilla.org/en-US/firefox/discussions/comments.php?DiscussionID=60

So the discussion submission was successful, but it entailed two unexpected behaviors--a prompt to redirect data submission and a prompt to download a PHP file--that didn't make sense and to which users of the site should not be exposed.
(Reporter)

Comment 1

12 years ago
Update: I've submitted another discussion, and this time I not only got the two prompts mentioned in comment 0, I also got a third one (before the first two) telling me that the information I was submitting was going to be transferred over an unencrypted channel.

And the PHP file I am prompted to download is comments.php.

FWIW, the URL of the "add discussion" page on which I'm submitting the form is:

https://addons.mozilla.org/en-US/firefox/discussions/post.php?AddOnID=1815

Comment 2

12 years ago
Just noticed the redirection as well. The form action is HTTP not HTTPS:

<form id="frmPostComment" method="post" action="http://addons.mozilla.org/en-US/firefox/discussions/post.php">

which is redirected.
The redirect-submission problem is because the discussions code isn't using our magic https/http detection code for the proxy setup, so it doesn't know that we're "really" https even though the web server is seeing http requests.

Updated

11 years ago
Duplicate of this bug: 412869

Updated

11 years ago
Duplicate of this bug: 399947

Updated

11 years ago
Duplicate of this bug: 407141

Comment 7

11 years ago
There are several bugs about this.  It is not a good idea to be bouncing between SSL and non-SSL.  Mike Shaver in comment #3 has explained what is needed to be done.

Is there a reason why this isn't getting done?

Ciao!
Severity: normal → major
OS: Linux → All

Comment 8

11 years ago
Discussions are frozen in 3.2.
Status: NEW → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → FIXED
(Assignee)

Updated

3 years ago
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.