Closed
Bug 375463
Opened 18 years ago
Closed 17 years ago
submitting discussion redirects to page that wants to download itself
Categories
(addons.mozilla.org Graveyard :: Public Pages, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: myk, Unassigned)
References
Details
When I submitted a discussion for the Console Squared extension, my browser informed me that the web site had redirected my submission to a different page and asked me whether I wanted to submit the same data to the new page.
I clicked OK, and then my browser prompted me to download a .php file (sorry, I don't remember which one right now). I declined, then I checked to see if my discussion had been added, and it had:
https://addons.mozilla.org/en-US/firefox/discussions/comments.php?DiscussionID=60
So the discussion submission was successful, but it entailed two unexpected behaviors--a prompt to redirect data submission and a prompt to download a PHP file--that didn't make sense and to which users of the site should not be exposed.
Reporter | ||
Comment 1•18 years ago
|
||
Update: I've submitted another discussion, and this time I not only got the two prompts mentioned in comment 0, I also got a third one (before the first two) telling me that the information I was submitting was going to be transferred over an unencrypted channel.
And the PHP file I am prompted to download is comments.php.
FWIW, the URL of the "add discussion" page on which I'm submitting the form is:
https://addons.mozilla.org/en-US/firefox/discussions/post.php?AddOnID=1815
Comment 2•18 years ago
|
||
Just noticed the redirection as well. The form action is HTTP not HTTPS:
<form id="frmPostComment" method="post" action="http://addons.mozilla.org/en-US/firefox/discussions/post.php">
which is redirected.
Comment 3•18 years ago
|
||
The redirect-submission problem is because the discussions code isn't using our magic https/http detection code for the proxy setup, so it doesn't know that we're "really" https even though the web server is seeing http requests.
Comment 7•17 years ago
|
||
There are several bugs about this. It is not a good idea to be bouncing between SSL and non-SSL. Mike Shaver in comment #3 has explained what is needed to be done.
Is there a reason why this isn't getting done?
Ciao!
Severity: normal → major
OS: Linux → All
Comment 8•17 years ago
|
||
Discussions are frozen in 3.2.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Assignee | ||
Updated•9 years ago
|
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•