Corrupted Content Error on Firefox 12 and later due to an empty Location response header

RESOLVED FIXED

Status

()

Core
Networking
RESOLVED FIXED
6 years ago
5 years ago

People

(Reporter: kohei, Unassigned)

Tracking

Trunk
Points:
---

Firefox Tracking Flags

(firefox12-, firefox13-)

Details

(URL)

(Reporter)

Description

6 years ago
Beta testers are reporting that they're encountering the Corrupted Content Error on some sites, started with Firefox 12.

http://input.mozilla.com/ja/?product=firefox&version=12.0&q=Corrupted

Affected sites:
http://pex.jp/
https://my.studylink.govt.nz/siteminder-web/login.do
and maybe others

I couldn't find any existing bugs for Firefox 12, so I've filed a new one.
Both those sites contain a empty "Location: " response header.

That is specifically a security vulnerability the change was meant to close, so evangelism is in order.
Keywords: regression
(Reporter)

Updated

6 years ago
Keywords: dev-doc-needed, relnote
(Reporter)

Comment 2

6 years ago
People claim the issue is happening on Oracle's PeopleSoft applications. CCing Kev for outreach.
http://input.mozilla.com/ja/opinion/2802975
http://input.mozilla.com/ja/opinion/2802531

Another (Japanese) site from Firefox Input:
https://aqfr.net/
(Reporter)

Comment 3

6 years ago
Looks like http://pex.jp/ (in my comment 0) and https://aqfr.net/ (in my comment 2) are run by the same Japanese company. I'll try to reach out to them if needed.
(Reporter)

Updated

6 years ago
Summary: Corrupted Content Error on Firefox 12 and later → Corrupted Content Error on Firefox 12 and later due to an empty Location response header
(Reporter)

Comment 4

6 years ago
Bug 727495 was resolved dup of Bug 699502, so I'm doing the same for this.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 699502

Updated

6 years ago
tracking-firefox12: --- → +
tracking-firefox13: --- → +

Updated

6 years ago
Status: RESOLVED → REOPENED
Depends on: 742174
Resolution: DUPLICATE → ---

Updated

6 years ago
No longer depends on: 742174

Updated

6 years ago
Depends on: 742174

Updated

6 years ago
tracking-firefox12: + → -
tracking-firefox13: + → -
Fixed by 742174: by popular demand we are now allowing empty Location headers again.
Status: REOPENED → RESOLVED
Last Resolved: 6 years ago5 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 742174
This is now mentioned on Firefox 12 for developers.
Keywords: dev-doc-needed → dev-doc-complete
(Reporter)

Comment 7

5 years ago
(In reply to Eric Shepherd [:sheppy] from comment #6)
> This is now mentioned on Firefox 12 for developers.

Ah, I've forgot to remove the dev-doc-needed keyword. Bug 742174 has been fixed to allow empty Location response headers again. I just removed the mention. Sorry for the confusion.
status-firefox11: unaffected → ---
status-firefox12: affected → ---
status-firefox13: affected → ---
status-firefox14: affected → ---
Keywords: dev-doc-complete, relnote
Resolution: DUPLICATE → FIXED
You need to log in before you can comment on or make changes to this bug.