Last Comment Bug 738122 - Corrupted Content Error on Firefox 12 and later due to an empty Location response header
: Corrupted Content Error on Firefox 12 and later due to an empty Location resp...
Status: RESOLVED FIXED
:
Product: Core
Classification: Components
Component: Networking (show other bugs)
: Trunk
: All All
: -- normal (vote)
: ---
Assigned To: Nobody; OK to take it and work on it
:
: Patrick McManus [:mcmanus]
Mentors:
http://input.mozilla.com/ja/?product=...
Depends on: 742174
Blocks:
  Show dependency treegraph
 
Reported: 2012-03-21 19:47 PDT by Kohei Yoshino [:kohei]
Modified: 2012-04-27 22:13 PDT (History)
5 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---
-
-


Attachments

Description Kohei Yoshino [:kohei] 2012-03-21 19:47:35 PDT
Beta testers are reporting that they're encountering the Corrupted Content Error on some sites, started with Firefox 12.

http://input.mozilla.com/ja/?product=firefox&version=12.0&q=Corrupted

Affected sites:
http://pex.jp/
https://my.studylink.govt.nz/siteminder-web/login.do
and maybe others

I couldn't find any existing bugs for Firefox 12, so I've filed a new one.
Comment 1 Patrick McManus [:mcmanus] 2012-03-21 19:54:11 PDT
Both those sites contain a empty "Location: " response header.

That is specifically a security vulnerability the change was meant to close, so evangelism is in order.
Comment 2 Kohei Yoshino [:kohei] 2012-03-25 03:32:45 PDT
People claim the issue is happening on Oracle's PeopleSoft applications. CCing Kev for outreach.
http://input.mozilla.com/ja/opinion/2802975
http://input.mozilla.com/ja/opinion/2802531

Another (Japanese) site from Firefox Input:
https://aqfr.net/
Comment 3 Kohei Yoshino [:kohei] 2012-03-25 03:50:42 PDT
Looks like http://pex.jp/ (in my comment 0) and https://aqfr.net/ (in my comment 2) are run by the same Japanese company. I'll try to reach out to them if needed.
Comment 4 Kohei Yoshino [:kohei] 2012-03-25 05:02:18 PDT
Bug 727495 was resolved dup of Bug 699502, so I'm doing the same for this.

*** This bug has been marked as a duplicate of bug 699502 ***
Comment 5 Jason Duell [:jduell] (needinfo me) 2012-04-09 16:58:21 PDT
Fixed by 742174: by popular demand we are now allowing empty Location headers again.

*** This bug has been marked as a duplicate of bug 742174 ***
Comment 6 Eric Shepherd [:sheppy] 2012-04-27 17:28:21 PDT
This is now mentioned on Firefox 12 for developers.
Comment 7 Kohei Yoshino [:kohei] 2012-04-27 22:13:02 PDT
(In reply to Eric Shepherd [:sheppy] from comment #6)
> This is now mentioned on Firefox 12 for developers.

Ah, I've forgot to remove the dev-doc-needed keyword. Bug 742174 has been fixed to allow empty Location response headers again. I just removed the mention. Sorry for the confusion.

Note You need to log in before you can comment on or make changes to this bug.