Closed
Bug 716341
Opened 13 years ago
Closed 9 years ago
Unable to Disable "Security Warning" When Moving from HTTPS to HTTP
Categories
(Core Graveyard :: Security: UI, defect)
Tracking
(Not tracked)
RESOLVED
INCOMPLETE
People
(Reporter: robcthegeek.public, Unassigned)
Details
Attachments
(1 file)
83.76 KB,
image/png
|
Details |
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7
Steps to reproduce:
Firefox Version: 8.01 on OSX Lion.
Currently developing an app that uses PayPal. During development, we don't have SSL on the boxes that run the cucumber specs. During these specs, we go through the PayPal payment process that runs over HTTPS. At the end of this process, the user is redirected back to our application (running on HTTP). This is fine since it is only like this during development.
Actual results:
However, for our cucumber specs to pass, we need *not* to get the "security warning (although this page is encrypted...)" about moving from secure to insecure.
My first movement was to about:config where I disabled "security.warn_entering_weak". This sadly did not work.
I then took the hammer-and-egg approach and disabled ALL of them.
Still no avail. I still receive the warning no matter what I do. I have also tried restarting Firefox entirely. I can confirm the settings are saved and loaded correctly, they just don't seem to have any effect.
Expected results:
The security warning should no longer appear once disabled in "about:config".
Reporter | ||
Updated•13 years ago
|
Summary: Unable to Disabled "Security Warning" When Moving from HTTPS to HTTP → Unable to Disable "Security Warning" When Moving from HTTPS to HTTP
Comment 1•13 years ago
|
||
It is possible that you have a http post from a https page ?
You can't disable that warning.
Look here:
http://mxr.mozilla.org/mozilla-central/source/security/manager/boot/src/nsSecurityWarningDialogs.cpp#262
Reporter | ||
Comment 2•13 years ago
|
||
I don't think so - the form is on PayPals side and is posting over HTTPS. From what I can tell it then just redirects to whatever URL we have specified (in this case a HTTP address).
Since this my particular case is working with PayPal I can't give you demo steps, but anyone registered as a developer can set up a sandbox and see for themselves:
1. Create a "Pay now' button.
2. For the "success" URL, redirect to localhost (using HTTP).
3. Spin up a web app, hosting the "pay now" button (HTTPS form).
Click the button, run through the sandbox process, then you should get the error (which as far as I can tell, should be able to be disabled?).
Comment 3•12 years ago
|
||
Most of the annoying prompts have been removed (at least in Firefox Nightly). Please try it out in Firefox Nightly and let us know if you are still having the issue.
Component: Untriaged → Security: UI
Product: Firefox → Core
![]() |
||
Comment 4•9 years ago
|
||
Hi Rob,
Is this still an issue?
As noted in comment 3, several of these prompts were removed (see Bug 799009).
Flags: needinfo?(robcthegeek.public)
![]() |
||
Comment 5•9 years ago
|
||
It's been a while without a response, so I'll close this as incomplete for now.
Feel free to reopen if this is still an issue.
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Flags: needinfo?(robcthegeek.public)
Resolution: --- → INCOMPLETE
Assignee | ||
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•