
FireFox generates "connection partially encrypted" warning for pages that contain secure content from multiple domains

Status: VERIFIED WORKSFORME
Product: Firefox
Component: Security
Reporter: Salman
Assignee: Unassigned
Version: 3.6 Branch
Platform: x86, Windows XP
Firefox Tracking Flags: Not tracked
Attachments: 2
Opened 8 years ago, last updated 7 years ago

(Reporter)

Description

8 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3

All pages on my website use Google AJAX API.

When the page is viewed on http connection, the API is loaded from http://www.google.com/jsapi?key=

When the page is viewed on https connection, the API is loaded from https://www.google.com/jsapi?key=

User sessions normally start from http pages and at some point they are sent to an https page for login and/or credit card entry. The first time such a page is opened, the page behaves as if some of the content is insecure. The indications include:

* The favicon not turning blue
* An exclamation icon over the padlock icon
* Right click > View Page Info shows "Connection Partially Encrypted" message
* Refreshing the same page fixes the problem.

Google AJAX API is used on various websites and it is probable that two websites might be using the same set of files. In such a case, the above behavior can be observed when a user clicks a link on http://domain.com/regular.html to https://another-domain.com/secure.html; the secure.html page will appear as partially encrypted.

Reproducible: Always

Steps to Reproduce:
Need a webserver that is https capable. See attached html files. Where to place the files and how to reproduce the error is documented in the files.



(a) I believe it has something to do with "caching"... Google AJAX APIs send aggressive caching instructions to the browser and maybe the browser tries to use the http cached version of the file on https pages.

(b) The problem looks very specific but eventually it won't be that way as gurus are recommending to switch to Google CDN servers for dispatching JavaScript libraries.
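
A static check a triager could run on the secure page to rule out real mixed content before suspecting the cache, added here as an example and not part of the original report or of Firefox's code. It assumes the page's HTML is available as a string; the sample markup, the KEY placeholder and logo.png are constructed, and resources injected by scripts at run time are not seen.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that trigger a subresource fetch, per tag (not exhaustive).
FETCHING_ATTRS = {
    "script": "src", "img": "src", "iframe": "src", "embed": "src",
    "audio": "src", "video": "src", "source": "src", "object": "data",
}
LINK_RELS = {"stylesheet", "icon", "preload"}


class SubresourceCollector(HTMLParser):
    """Collects (tag, absolute URL) for every subresource a page requests."""

    def __init__(self, page_url):
        super().__init__()
        self.base = page_url
        self.found = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and attrs.get("href"):
            # <base href> changes how later relative URLs resolve.
            self.base = urljoin(self.base, attrs["href"])
            return
        if tag == "link":
            rels = set((attrs.get("rel") or "").lower().split())
            url = attrs.get("href") if rels & LINK_RELS else None
        else:
            url = attrs.get(FETCHING_ATTRS.get(tag, ""))
        if url:
            self.found.append((tag, urljoin(self.base, url.strip())))


def mixed_content(page_url, html):
    """Return subresources an https page would fetch over plain http."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only exists on secure pages
    collector = SubresourceCollector(page_url)
    collector.feed(html)
    return [(t, u) for t, u in collector.found if urlsplit(u).scheme == "http"]


# Constructed sample modelled on the report's secure.html; KEY is a placeholder.
SECURE_HTML = """<html><head>
<script src="https://www.google.com/jsapi?key=KEY"></script>
<script src="//www.google.com/jsapi?key=KEY"></script>
<link rel="shortcut icon" href="/favicon.ico">
</head><body><img src="http://another-domain.com/logo.png"></body></html>"""
```

An empty result for the https page means the markup itself requests nothing over http, so a "partially encrypted" indicator would have to come from somewhere other than the page source.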
(Reporter)

Comment 1

8 years ago
Created attachment 441785 [details]
This file should be placed on a webserver and viewed over http connection.

This file should be placed on a webserver and viewed over http connection. Before uploading, edit the two links in the file to point to your test https servers.
(Reporter)

Comment 2

8 years ago
Created attachment 441786 [details]
This file should be placed on a webserver and viewed over https connection.

This file should be placed on a webserver and viewed over https connection. In relation to the previous file, this file can be placed on a webserver with the same domain as the previous file to test case #1 or on a webserver with another domain name to test case #2.
(Reporter)

Updated

8 years ago
Attachment #441785 - Attachment description: This file should be placed on a webserver and viewed over http connection. Before uploading, edit the two links in the file to point to your test https servers. → This file should be placed on a webserver and viewed over http connection.
(Reporter)

Comment 3

8 years ago
IE8 and Google Chrome do not exhibit this behavior.
(Reporter)

Updated

8 years ago
Version: unspecified → 3.6 Branch
(Reporter)

Comment 4

8 years ago
What should I do to get someone to look at it?

Comment 5

7 years ago
Reporter -> Are you still experiencing this issue? Can you reproduce in safe mode and a new profile? Do you have a live site you can point to that exhibits this problem?

Comment 6

7 years ago
Salman -> Do you have a live site you can point to that exhibits this problem?
(Reporter)

Comment 7

7 years ago
Sorry, I am unable to reproduce the error with FireFox version:

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13

You're welcome to close the bug.

Updated

7 years ago
Status: UNCONFIRMED → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → WORKSFORME
Status: RESOLVED → VERIFIED