377382 - Security warning leaving https is not possible to turn off and cause second bug with double submit https / http

Status: RESOLVED INCOMPLETE

(Firefox :: Security, defect)

Description

[Erlend Bjorge]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3

Hi there!

If you click 'Logg inn nettbank', going to the https address, then hit Avbryt (cancel) then the Security message that pops up is not possible to turn off.

(Although this page is encrypted, the information you have entered is to be sent over an unencrypted ..... are you sure you want to continue ... [Continue] [Cancel])

I have been into the Warning Messages settings, turning on off all options, closing the browser before I try again, same result.

Haven't this been reported before ? can't find any bug report on it.

Anyway for me it's not a big issue to hit continue when this happens, but in the java/jsp application I'm developing I think this issue bring another bug into the surefase when you double submit a form.

      First submit goes to the same window and continue in https
      The second submit open a new window and submit to a http address

The first submit works just fine, but the second submit never happens, and I think this warning message is the clue to this. I think this because when you hits continue as fast as possible with Enter button after you submit, the window open and the submit actually happens, but if you are to slow doing it, it don't open the new window and the submit does not happen.

Shouldn't be like that should it ? :-)

--

This is my code with a little javascript doing the dobule submit when you hit the Send fax button.

<SCRIPT Language="Javascript">
    function showSaleSubmit() {
	document.ShowSale.submit();
    }

</SCRIPT>

<!-- The first submit that continue in https in the same window, this works fine
<form name="ShowSale" action="Sale.do" target="_self">
    <input type="hidden" name="method" value="show">
    <input type="hidden" name="saleid" value="1111">
</form>

<!-- Second submit that does not work if you don't hit Contine fast enough when the warning message pop's up -->
<form name="SendContract" action="http://faxdummy.no:8080/sendfax.php?" onsubmit="showSaleSubmit();" method="POST" target="FaxWindow">
  Sale id <input type="TEXT" name="saleid" value="1111" readonly="true"><br>
  Fax number <input type="TEXT" name="faxnr" value="11223344"><br>
  <input type="submit" name="Submit" value="Send fax">
</form>

--

So it a Firefox bug ? is it reported before at all ? any fixes ?

Thanks!
Erlend Bjorge














Reproducible: Always

Steps to Reproduce:
1. Push the Send fax button
2. Hit Enter slow on the Continue button = the second submit don't work

Actual Results:  
The second submit going to a http address from a https page does not submit

Expected Results:  
Despite if you are fast or slow when you hit the Continue button on the Security Warning message, when you double submit a https page and to another http page, the http submit should still submit.


I have tested this also in Mac version 2.0.0.2 same result (if you are fast it works, if you are slow it don't) AND btw it works just fine in IE :-)

Comment 1

[Peter Gerdes]

I don't know if this bug still blocks the second submit but the issue with the absence of a preference for this security warning is Bug 410340

Comment 2

[Peter Gerdes]

Oops, decided I wasn't sure if the bug I linked above was describing the same issue or just someone who didn't know how to use the about:config entries.  Therefore I submitted bug 445395 to describe the issue with these warnings popping up as a result of autosubmitted forms on secure pages being submitted to insecure URLs.  The fix I would like to see would solve this bug as well.

Comment 3

[u279076]

Resolving unconfirmed bugs older than a year with no activity as INCOMPLETE.  Please reopen or file a new bug if you can still reproduce the bug.