Closed Bug 746504 Opened 13 years ago Closed 12 years ago

[ignite] ignite loads some images over http resulting in a mixed content condition

Categories

(mozillaignite Graveyard :: General, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: mgoodwin, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: sec-low, Whiteboard: [infrasec:tls] [ws:low])

I forgot to reference this issue in the related bug 745151. Issue: Requests to sencha.io for images are made over HTTP; this prevents the browser from presenting the site as 'secure' to the user (domain no longer highlighted in blue, etc). This isn't a major security issue (the worst an attacker can do in this case is intercept and / or change images) but can make users less vigilant to more serious issues in the future. Steps to reproduce: 1) Enable web console (turn on Net logging) 2) Visit ignite 3) Observe requests to src.sencha.io take place over SSL Remediation: Sencha do not seem to provide an SSL service (which is a shame) so if you want to resolve this issue (it's not a blocker, in my opinion) we'd need to resize / serve these images ourselves.
We removed sencha so this no longer causes an issue. The mixed content may now be that a user has included additional images linked from their own sites, or elsewhere on the web in support of their application.
Component: www.drumbeat.org → General
Product: Websites → mozillaignite
QA Contact: ross
(In reply to Ross Bruniges from comment #1) > We removed sencha so this no longer causes an issue. > > The mixed content may now be that a user has included additional images > linked from their own sites, or elsewhere on the web in support of their > application. Let's not worry about users' content in the context of this bug. If sencha is no longer used we can close out this issue.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Group: websites-security
You need to log in before you can comment on or make changes to this bug.