828512 - Javascript loaded over SSL silently fails if requested on an alternate port when the certificate has already been allowed for port 80

Status: RESOLVED DUPLICATE of bug 700837

(Firefox :: Untriaged, defect)

Description

[dwight.hobbs]

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:18.0) Gecko/20100101 Firefox/18.0
Build ID: 20121231071231

Steps to reproduce:

Having Javascript includes on a page from the same host (and same SSL certificate) but different ports causes Firefox to generate the certificate warning page on the first visit. After adding an exception for the certificate the exception is added for port 80 and will silently fail to load Javascript from alternate ports. The site I'm working on is using a self-signed certificate and can be reproduced with the following:

<script src="https://192.168.1.50/jquery.js"></script>
<script src="https://192.168.1.50:8080/socket.io.js"></script>


Actual results:

Browsing to a site with the above includes will load jquery.js (after approving an exception) but silently blocks the attempt to load socket.io.js. Attempting to browse directly to the include on port 8080 correctly raises the certificate warning for port 8080 and, after adding an exception, allows the library to load correctly on the original site.

Using Firebug's Net console the connection to 192.168.1.50:8080 is silently Aborted on each page load, due to the unsigned certificate and no exception being present.


Expected results:

Ideally, adding an exception for port 443 would also allow SSL traffic on other ports. If this is too much of a security risk then both certificates should be presented to approve, or the certificate for port 8080 should be presented on the next page load.