Status

Websites
mozillalabs.com
RESOLVED FIXED
6 years ago
5 years ago

People

(Reporter: alex_mayorga, Unassigned)

Tracking

Details

(Reporter)

Description

6 years ago
There's mixed content on https://mozillalabs.com/ that breaks HTTPS.

The page has these http:// resources:
http://mozillalabs.com/files/2011/07/webfwd_badge.png
http://mozillalabs.com/wp-content/themes/labs_project/img/labkit-header.png
http://mozillalabs.com/wp-content/themes/labs2.0/img/submit-arrow.png

The https:// resources are available at:
https://mozillalabs.com/files/2011/07/webfwd_badge.png
https://mozillalabs.com/wp-content/themes/labs_project/img/labkit-header.png
https://mozillalabs.com/wp-content/themes/labs2.0/img/submit-arrow.png

Set the preference security.warn_viewing_mixed to true and you'll see the problem.
Jetpack/FlightDeck/Add-ons Builder links to https://jetpack.mozillalabs.com/sdk/latest/docs/, which has the same problem.
Assignee: nobody → server-ops-labs
Component: General → Server Operations: Labs
OS: Windows 7 → All
Product: Mozilla Labs → mozilla.org
QA Contact: general → zandr
Hardware: x86 → All
Version: unspecified → other
jetpack.mozillalabs.com uses an invalid security certificate.

The certificate is only valid for the following names:
  www.mozilla.com , mozilla.com  

(Error code: ssl_error_bad_cert_domain)
Severity: normal → major
These .mozillalabs.com sites are hosted by webops resources, so it's not something I can fix in Labs, re-assigning.
Assignee: server-ops-labs → server-ops
Component: Server Operations: Labs → Server Operations: Web Operations
QA Contact: zandr → cshields

Updated

6 years ago
Assignee: server-ops → eziegenhorn

Updated

6 years ago
Assignee: eziegenhorn → nmaul

Comment 4

6 years ago
This seems to be 3 unrelated issues in one bug. Please try not to do this if possible, as it can cause some things to get fixed while others get overlooked. :)


1) https://mozillalabs.com/ redirects to /en-US/ for me, which does not seem to load any non-SSL resources (comment 0). Perhaps this was fixed already? In any case, we'd have to send this to the betafarm developers, as IT/webops does not control actual site content like this.

2) https://jetpack.mozillalabs.com/ does have a cert error. This is fixed (via TLS SNI, so most browsers will be fine).

3) The entirety of https://jetpack.mozillalabs.com/ is all 403/404. The non-SSL page redirects to https://addons.mozilla.org/en-US/developers/. I think this traces back to some recent SSL changes we had to make due to an expiring wildcard cert. I've fixed this for jetpack.mozillalabs.com, and will be opening another bug to investigate further.


I will move this back to Mozilla Labs for further investigation on issue #1.
Assignee: nmaul → server-ops-labs
Severity: major → normal
Component: Server Operations: Web Operations → Server Operations: Labs
QA Contact: cshields → zandr

Updated

6 years ago
Assignee: server-ops-labs → nobody
Component: Server Operations: Labs → Betafarm
Product: mozilla.org → Websites
QA Contact: zandr → betafarm
Confusingly enough, the mozillalabs site is not part of the Labs product group, but a Website codenamed Betafarm.

(We should rename that component, I'll see about getting that done).

cc'ing pmac who'se the dev on betafarm/mozillalabs.com

Comment 6

6 years ago
Responding to Jake Maul on issue #1.

This original bug was filed prior to the launch of the new site on April 16. That bug references a wordpress site that is no longer live and this issue is no longer valid.

I propose closing this bug and handling the jetpack issues as sep bugs.

Comment 7

6 years ago
The jetpack issues (#2 and #3 from commetn 4) are both resolved already. Seems like there's nothing more to do here.... resolving.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED

Updated

5 years ago
Component: Betafarm → mozillalabs.com
You need to log in before you can comment on or make changes to this bug.