Closed
Bug 812760
Opened 12 years ago
Closed 8 years ago
Firefox gives spurious non-encrypted content warnings when closing FancyBox due to about:blank load in subframe
Categories
(Core Graveyard :: Security: UI, defect)
Tracking
(Not tracked)
RESOLVED
INCOMPLETE
People
(Reporter: bugzilla.mozilla, Unassigned, NeedInfo)
References
Details
(Whiteboard: [psm-padlock])
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20100101 Firefox/16.0 Build ID: 20121026114414 Steps to reproduce: 1. Visit https://www.simbahosting.co.uk 2. Click on "Contact" towards the top right. A FancyBox opens. 3. Close the FancyBox Actual results: Firefox puts up a "You have requested an encrypted page that contains some unencrypted information." warning. However, wireshark (listening on all interfaces) and Firefox's Net Console all show that there is no request being made or other traffic anywhere when the FancyBox is closed. Neither is any non-https: link findable in the source code. I've checked this in Opera and Chrome and Internet Explorer and none of those reported the phantom non-encrypted content. The warning appears to be entirely bogus. Expected results: The FancyBox closes without any spurious non-SSL warnings.
Comment 1•12 years ago
|
||
I can't reproduce this with Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20100101 Firefox/16.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:19.0) Gecko/19.0 Firefox/19.0 I tried to open/close the contact page multiple times
Reporter | ||
Comment 3•12 years ago
|
||
(I am the original bug reporter). I just tried it on Firefox 16.0.2 on Windows XP - no error appears. So the error appears to be restricted to Linux (also Firefox 16.0.2 - the stock build from Fedora). It is not restricted to the contact page; there are several FancyBox uses on the site (with a valid login) - they all manifest the problem. Closing the FancyBox for the first time on any page always brings up a spurious non-encrypted content warning.
Comment 4•12 years ago
|
||
Are there any extensions involved? Does the problem appear in safe mode?
Reporter | ||
Comment 5•12 years ago
|
||
I ran: /usr/bin/firefox -safe-mode FireFox popped up a window to confirm it was in safe mode. Same results: the spurious warning is still there.
Comment 6•12 years ago
|
||
Thanks. I can't see the popup, but I do see the page transition to the no-security state. The problem seems to be that there's an about:blank load in a subframe that for some reason the security UI decides to treat as an insecure load. That's ... quite weird.
Status: UNCONFIRMED → NEW
Component: General → Security
Ever confirmed: true
Summary: Firefox gives spurious non-encrypted content warnings when closing FancyBox → Firefox gives spurious non-encrypted content warnings when closing FancyBox due to about:blank load in subframe
Comment 7•12 years ago
|
||
(In reply to Boris Zbarsky (:bz) from comment #6) > Thanks. I can't see the popup mixed content warning does not pop up due to Bug 799009. I think this is bug 506008 .
Depends on: 506008
Comment 8•12 years ago
|
||
(In reply to Alice0775 White from comment #7) > (In reply to Boris Zbarsky (:bz) from comment #6) > > Thanks. I can't see the popup > > mixed content warning does not pop up due to Bug 799009. That change landed for Firefox 19. This is reported against Firefox 16. So, Boris, you may want to try with a beta or release build.
Component: Security → Security: UI
Comment 9•12 years ago
|
||
My point was that in a trunk build, I see the SSL indicator go away and logging the security UI stuff shows us leaving the "encrypted" state when that about:blank load happens.
Comment 10•12 years ago
|
||
(In reply to bugzilla.mozilla from comment #3) > (I am the original bug reporter). I just tried it on Firefox 16.0.2 on > Windows XP - no error appears. So the error appears to be restricted to > Linux (also Firefox 16.0.2 - the stock build from Fedora). It is not > restricted to the contact page; there are several FancyBox uses on the site > (with a valid login) - they all manifest the problem. Closing the FancyBox > for the first time on any page always brings up a spurious non-encrypted > content warning. I just tested this on a Mac using Firefox 16.0.2 and everything looks fine. Why is this a linux specific error? As far as I know, our security ui code is not platform specific. It looks like https://mxr.mozilla.org/mozilla-central/source/security/manager/boot/src/nsSecureBrowserUIImpl.cpp#822 makes an exception for protocols that are URI_IS_LOCAL_RESOURCE. For moz-safe-about (which includes about:blank) you don't have that protocol flag - http://mxr.mozilla.org/mozilla-central/source/netwerk/protocol/about/nsAboutProtocolHandler.cpp#192
Comment 11•12 years ago
|
||
> I just tested this on a Mac using Firefox 16.0.2 and everything looks fine. Comment 9 applies to a Mac current trunk buikld. > For moz-safe-about (which includes about:blank) you don't have that protocol flag That may well be a bug, then, yes?
Updated•11 years ago
|
Whiteboard: [psm-padlock]
Is this still an issue? I can't reproduce this.
Flags: needinfo?(bugzilla.mozilla)
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → INCOMPLETE
Assignee | ||
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•