Closed
Bug 544428
Opened 15 years ago
Closed 12 years ago
Mixed-content SSL warning on pages due to iframe
Categories
(www.mozilla.org :: General, defect)
www.mozilla.org
General
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: reed, Assigned: abuchanan)
References
()
Details
(Whiteboard: [sg:want][sec])
Attachments
(1 file)
If I visit the firstrun page over HTTPS, I get a mixed content SSL warning (broken lock). This is due to the iframe:
<iframe
src="http://www.getpersonas.com/en-US/external/mozilla/firstrun.php"
width="320"
height="200">
</iframe>
Should check to see if page is being accessed over HTTPS and use https://www.getpersonas.com instead.
However, it seems https://www.getpersonas.com/en-US/external/mozilla/firstrun.php redirects to http://, so I'll have to get that fixed, too. Sigh.
|
||
Comment 1•15 years ago
|
||
Where/how are we linking to the firstrun page over ssl?
|
Reporter | |
Comment 2•15 years ago
|
||
(In reply to comment #1) > Where/how are we linking to the firstrun page over ssl? We aren't linking to it anywhere, as far as I know, but we still should support those people who wish to access the page via SSL, especially since it's not a hard thing to do. This will become especially important in the future if/when the entire site is behind SSL, as has been discussed in some groups lately.
|
|
Reporter | |
Updated•15 years ago
|
Whiteboard: [sg:want]
|
Assignee | |
Comment 4•15 years ago
|
||
changes done on trunk in r62056 This is blocked on HTTPS support for getpersonas.com
|
||
Comment 5•15 years ago
|
||
(In reply to comment #4) > changes done on trunk in r62056 > > This is blocked on HTTPS support for getpersonas.com What's the bug for that?
|
|
Assignee | |
Comment 6•15 years ago
|
||
/me points at the Depends On: field
|
|
||
Comment 7•15 years ago
|
||
(In reply to comment #6) > /me points at the Depends On: field ...which doesn't have a great summary, since it appears to only talk about firstrun; my bad.
|
|
Reporter | |
Comment 8•15 years ago
|
||
(In reply to comment #4) > changes done on trunk in r62056 Looks like these pages need it fixed, too: * en-US/firefox/3.6/whatsnew/index.html * en-US/firefox/students/panel.inc.php * en-US/firefox/customize/index.html (imgs) * en-US/firefox/3.6/firstrun/a/index.html (imgs) * en-US/firefox/3.6/firstrun/b/index.html (imgs) * en-US/firefox/3.6/firstrun/c/index.html (imgs) * en-US/firefox/personal.html (imgs)
|
|
Reporter | |
Updated•14 years ago
|
Summary: Mixed-content SSL warning on firstrun page due to iframe → Mixed-content SSL warning on pages due to iframe
|
|
Assignee | |
Updated•14 years ago
|
Whiteboard: [sg:want] → [sg:want][sec]
|
|
Assignee | |
Comment 9•14 years ago
|
||
This is a big patch and affects 128 files This patch removes http: and <?= $config['url_scheme'] ?>: from www.getpersonas URLs
|
|
Assignee | |
Comment 10•14 years ago
|
||
(In reply to comment #8) > Looks like these pages need it fixed, too: > * en-US/firefox/3.6/whatsnew/index.html > * en-US/firefox/students/panel.inc.php > * en-US/firefox/customize/index.html (imgs) covered by patch > * en-US/firefox/3.6/firstrun/a/index.html (imgs) > * en-US/firefox/3.6/firstrun/b/index.html (imgs) > * en-US/firefox/3.6/firstrun/c/index.html (imgs) These are old A/B tests that need to be deleted, https://bugzilla.mozilla.org/show_bug.cgi?id=565408#c9 > * en-US/firefox/personal.html (imgs) This page doesn't exist, it gets redirected to /en-US/firefox/. The file should be deleted. https://bugzilla.mozilla.org/show_bug.cgi?id=548357#c10
|
||
Updated•12 years ago
|
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
|
||
Updated•12 years ago
|
Component: www.mozilla.org/firefox → www.mozilla.org
|
|
||
Updated•12 years ago
|
Component: www.mozilla.org → General
Product: Websites → www.mozilla.org
You need to log in
before you can comment on or make changes to this bug.
Description
•