Using FF 14.0.1 even in Safe Mode and with a new profile, the URL is completely non-functional while working in Chromium and IE. Error console is full of errors like: Timestamp: 8/16/2012 8:49:52 AM Error: ReferenceError: jQuery is not defined Source File: http://www.southerncalifornia.buyatoyota.com/scripts/jqtransformplugin/jquery.jqtransform.js Line: 369
The link works for me with Firefox 14.0.1 on Mac... You're sure you don't have any extensions (esp. ones that block some network access) installed system-wide?
There are no extensions installed. It is a brand-new install of FF. It could be something unique to the corporate network and/or domain membership, but it doesn't affect Chromium or IE.
OK. What does your UA string look like? When you view source on the site, do you see this part: <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js"></script> ?
(In reply to Boris Zbarsky (:bz) [In and out Aug 1 - 10, out Aug 11-20] from comment #4) > OK. What does your UA string look like? Mozilla/5.0 (Windows NT 5.1; rv:14.0) Gecko/20100101 Firefox/14.0.1 > When you view source on the site, do you see this part: > > <script > src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js"></ > script> > > ? Yes. It is the first script element on the page on line #14.
I turned on request/response logging and there's this interesting line: [14:07:57.844] GET https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js [undefined 78ms]
Does that URL work if you load it directly? https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js What about the "http" version? http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js
They both work as direct links. I have a feeling this has to do with the fact that my corporate network uses Websense filtering with built-in SSL interception. Although I've OK'd the corporate certificate (that's why it works directly), I suspect there is something in Firefox that's refusing to load that script because the certificate doesn't match the domain.
That's it. I was able to get a prompt asking me to confirm the security exception by trying to load https://ajax.googleapis.com. Once I OK'd that, everything works. I guess the real trouble here is the silent failure. Many businesses, and especially government agencies, use SSL interception firewalls and this behavior breaks some sites without the end user having any hope of even knowing what's happening.
The reason IE and Chrome do not display this issue is because they use the Windows Certificate Store, which already has the corporate certificate installed. FF has its own store which the user controls, even in a corporate environment (which isn't a bad thing for the user). FF's certificate management was how I discovered that our corporate IT had implemented a MITM attack on all HTTPS traffic. I'm not sure what the right thing to do is, but my initial inclination is that whenever any element of a page experiences a certificate error FF should display the same dialog that it would if the page itself had the same issue.
The network console or the browser console can be used to diagnose the issue in these cases.
The issue was already diagnosed. Are you confirming that page elements that aren't loaded due to certificate errors cause the user to be alerted to that failure?
I'm saying if a user needs to investigate a failure like this, they can use those tools. As a result, there's nothing more we need to do here in this bug.
So it's WONTFIX rather than WORKSFORNE.