Open
Bug 784276
Opened 12 years ago
Updated 2 years ago
unencrypted content on encrypted page warning upon 301 redirect
Categories
(Firefox :: Security, defect)
Tracking
()
UNCONFIRMED
People
(Reporter: cgenie, Unassigned)
Details
Attachments
(2 files)
User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.19 (KHTML, like Gecko) Ubuntu/11.10 Chromium/18.0.1025.168 Chrome/18.0.1025.168 Safari/535.19 Steps to reproduce: I set up about:config -> security.warn_viewing_mixed = true, security.warn_viewing_mixed.show_once = false I have a website with account view, where google maps API is used. This is served via the HTTP protocol. Google Maps generate some network traffic, as reported by Firebug. When I quickly go to another page, which has a 301 redirect, then it seems that the Google traffic is still happening, while the HTTPS page is not yet loaded (see the screenshot; the first URL is the HTTP page with redirect, the second one is the HTTPS page, the third is a Google Maps request). Actual results: I get the 'unencrypted content on encrypted page' warning. Expected results: Probably this Google HTTP network traffic be blocked before the redirect is made.
Comment 1•12 years ago
|
||
Just in case it's related: bug 781411.
I've actually tested it on FF 3.5, but then discovered that the about:config settings were turned off and discovered that FF 14 also had this problem. Chromium seems not to be affected. Also, this doesn't seem a problem with firebug, since invocation of the Web Console shows that the http request coming from the old site is performed after the GET of https, screenshot attached.
Updated•12 years ago
|
Component: Untriaged → Security
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•