Open Bug 784276 Opened 12 years ago Updated 2 years ago

unencrypted content on encrypted page warning upon 301 redirect

Categories: Firefox :: Security, defect

14 Branch, x86_64, Linux

Status: UNCONFIRMED

People: (Reporter: cgenie, Unassigned)

Attachments: (2 files)

Attached image google_maps_race.png
User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.19 (KHTML, like Gecko) Ubuntu/11.10 Chromium/18.0.1025.168 Chrome/18.0.1025.168 Safari/535.19

Steps to reproduce:

I set up about:config -> security.warn_viewing_mixed = true, security.warn_viewing_mixed.show_once = false
I have a website with an account view, where the Google Maps API is used. This is served via the HTTP protocol. Google Maps generates some network traffic, as reported by Firebug. When I quickly go to another page, which has a 301 redirect, then it seems that the Google traffic is still happening, while the HTTPS page is not yet loaded (see the screenshot; the first URL is the HTTP page with redirect, the second one is the HTTPS page, the third is a Google Maps request).


Actual results:

I get the 'unencrypted content on encrypted page' warning.


Expected results:

Probably this Google HTTP network traffic should be blocked before the redirect is made.
Just in case it's related: bug 781411.
I've actually tested it on FF 3.5, but then discovered that the about:config settings were turned off and discovered that FF 14 also had this problem.
Chromium seems not to be affected.
Also, this doesn't seem to be a problem with Firebug, since invocation of the Web Console shows that the HTTP request coming from the old site is performed after the GET of HTTPS, screenshot attached.
Attached image Web Console
Component: Untriaged → Security
Severity: normal → S3