Closed
Bug 424689
Opened 16 years ago
Closed 16 years ago
gmail (v2) is openened unsecured after session restore
Categories
(Firefox :: Session Restore, defect)
Firefox
Session Restore
Tracking
()
RESOLVED
FIXED
People
(Reporter: Peter6, Unassigned)
References
()
Details
Attachments
(1 file)
3.68 KB,
application/x-javascript
|
Details |
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5pre) Gecko/2008032306 Minefield/3.0b5pre ID:2008032306 repro: Open FF Open gmail in Options -> Main set [Show my windows and tabs from last time] Close FF Open FF after a minute or so result: Gmail is opened, but with white background in the locationbar and a warning ! on the lock icon in the statusbar. It's not 100% reproducable, but fails at least 9 out of 10 times I don't think this is a regression, it has always been like this since session restore. My bad not to file this bug before.
Comment 1•16 years ago
|
||
That's actually a subtlety on Gmail's side: If you start from http://mail.google.com, then you'll get an insecure http-connection after you've been logged in, whereas when you start from https://mail.google.com (note the _s_) then the connection remains secured even afterwards. So unless I'm missing something, this is WORKSFORME.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → WORKSFORME
Reporter | ||
Comment 2•16 years ago
|
||
yeah, my stupidity, typing the wrong url . the bug still stands though.
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
Comment 3•16 years ago
|
||
I can definitely reproduce
Comment 4•16 years ago
|
||
Could you please upload your sessionstore.js after you've closed Firefox with Gmail open for further debugging? For privacy reasons, make sure to do this in a new window and close all other windows first, so that only the Gmail related URLs are included (which AFAICT are session specific and will expire as soon as you restart and log out). Alternatively you could try inspecting sessionstore.js yourself (looking for http:// URLs within Gmail's https:// ones) or e-mail me the file directly.
Comment 5•16 years ago
|
||
I just reproduced the bug with this sessionstore.js. FYI, reloading GMail brings back the yellow bar most of the time, but on occasion I've had to do so twice before it would go yellow again.
Comment 6•16 years ago
|
||
Thanks, Ryan, now I can reproduce this as well. This happens only when using Gmail v2 (which isn't available in all languages yet) where, although we correctly restore only https URLs somehow unencrypted content gets involved. My guess would be that this is due to us not correctly restoring frame names (bug 403179). Will have to go inspecting Gmail with DOMi when I've got some more time at hand to verify that theory, though...
Summary: gmail is openened unsecured after session restore → gmail (v2) is openened unsecured after session restore
Reporter | ||
Comment 7•16 years ago
|
||
note: a soft reload still makes it fail (most of the time), you'll need a hard reload (ctrl+F5) to get the secure version again.
Reporter | ||
Updated•16 years ago
|
Flags: blocking-firefox3?
Comment 8•16 years ago
|
||
One further StR that's missing from comment #0: Set the hidden pref browser.sessionstore.privacy_level to 0. Otherwise Gmail will just ask you to log in again after the restart. As a consequence this bug shouldn't block Firefox 3.0. BTW: Using DOMi, I didn't find any insecure files loaded into Gmail. And we'd first have to know what's actually going on...
Keywords: helpwanted
Reporter | ||
Comment 9•16 years ago
|
||
my browser.sessionstore.privacy_level = 1 , which wasn't hidden and is default afaik. (i never touched it)
Comment 10•16 years ago
|
||
Peter: Does this happen on a clean profile, as well? I have to re-login whenever the cookies are deleted (which they are with browser.sessionstore.privacy_level==1).
Reporter | ||
Comment 11•16 years ago
|
||
Simon, on exit i only clear the following privacy data: - saved form and search history - authenticated sessions this also happens with a clean profile with above mentioned changes applied
Comment 12•16 years ago
|
||
This feels like it falls into a more general "we should be serializing and restoring the entire DOM state" bucket, which we can't really block on.
Flags: wanted-firefox3+
Flags: blocking-firefox3?
Flags: blocking-firefox3-
Comment 13•16 years ago
|
||
Peter: Have you ever experience this bug again? I used to be able to reproduce this issue back in March but no longer am. Looks like Google fixed the issue on their end (which'd make this WORKSFORME).
Comment 14•16 years ago
|
||
Never mind. I think I've found the culprit: wyciwyg URLs. See bug 450595 comment #10 for a possible patch.
Depends on: 450595
Keywords: helpwanted
Comment 15•16 years ago
|
||
Fixed by bug 450595.
Status: REOPENED → RESOLVED
Closed: 16 years ago → 16 years ago
OS: Windows XP → All
Hardware: PC → All
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•