Closed Bug 889170 Opened 11 years ago Closed 9 years ago

Mixed content blocked on https://social.technet.microsoft.com/forums and msdn pages

Categories

(Web Compatibility :: Desktop, defect)

Product:
Web Compatibility
Component:
Desktop
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: mrkmg90, Assigned: karlcow)

References

(
URL
)

Details

(Whiteboard: [mcb-chrome][mcb-ie][mcb-thirdparty-notified] [country-us] [sitewait]) 

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0 (Beta/Release)
Build ID: 20130625125232

Steps to reproduce:

Microsofts TechNet Forums (https://social.technet.microsoft.com/) have mixed content blocked css issues.

https is ENFORCED (it will redirect to https if you use http)
Blocks: 844556
URL: http://social.technet.microsoft.com/
Summary: Mixed content blocked on https://social.technet.microsoft.com (forces https connection) → Mixed content blocked on https://social.technet.microsoft.com/forums (forces https connection)
On further investigation HTTPS is not enforced I did not realize SSL Everywhere was forcing the HTTPS
Summary: Mixed content blocked on https://social.technet.microsoft.com/forums (forces https connection) → Mixed content blocked on https://social.technet.microsoft.com/forums
Looks like a bunch of mixed content javascript and css on https://social.technet.microsoft.com/forums.  Is the page meant to be visited over HTTP?  Note that this is also disfunctional in chrome and probably IE too.  Adding mwobensmith to check IE.

Here is the blocked content:

Blocked loading mixed active content "http://i1.social.s-msft.com/Forums/RequestReduceContent/c311ac355ab86792a6e08075b8b0ee5c-65fc3dd2161efddaf2586e3480fefa05-RequestReducedStyle.css" @ https://social.technet.microsoft.com/Forums/en-US/home

Blocked loading mixed active content "http://ajax.aspnetcdn.com/ajax/jquery/jquery-1.7.1.min.js" @ https://social.technet.microsoft.com/Forums/en-US/home

Blocked loading mixed active content "http://i1.social.s-msft.com/Forums/RequestReduceContent/639c98f293cddc68fad3f7399d532455-18d11f498d881982314e3766a71adaea-RequestReducedScript.js" @ https://social.technet.microsoft.com/Forums/en-US/home
Blocked loading mixed active content "http://i3.social.s-msft.com/Forums/en-US/resources.js?cver=0%0d%0a" @ https://social.technet.microsoft.com/Forums/en-US/home

Blocked loading mixed active content "http://i1.social.s-msft.com/Forums/RequestReduceContent/8d139c8066d803d2a63f2f7a1191a426-dba6992703344a9f283bc5da37387805-RequestReducedScript.js" @ https://social.technet.microsoft.com/Forums/en-US/home

Blocked loading mixed active content "http://i1.social.s-msft.com/Forums/RequestReduceContent/2b688cebbf02dcd2a3feb3d1efa26ce9-103ada3ed00fabbc5490c6fd9fc390c0-RequestReducedScript.js" @ https://social.technet.microsoft.com/Forums/en-US/home

Blocked loading mixed active content "http://i1.social.s-msft.com/Forums/RequestReduceContent/50d5994a6fb4a98b2fe77d40bcb70a7f-423915b0fb2c685aade13f224505b20d-RequestReducedScript.js" @ https://social.technet.microsoft.com/Forums/en-US/home

Blocked loading mixed active content "http://i1.social.s-msft.com/Forums/RequestReduceContent/831c3b08f572fdec0dbb33b3c2370b60-ad185a92a0a220e54b7f4d2f3f8b4fe5-RequestReducedScript.js" @ https://social.technet.microsoft.com/Forums/en-US/home

Blocked loading mixed active content "http://js.microsoft.com/library/svy/sto/broker.js" @ https://social.technet.microsoft.com/Forums/en-US/home

Blocked loading mixed active content "http://widgets.membership.s-msft.com/v1/loader.js?brand=Technet&lang=en-US" @ https://social.technet.microsoft.com/Forums/en-US/home

Blocked loading mixed active content "http://i1.services.social.microsoft.com/Search/Widgets/SearchBox.jss?boxid=SearchTextBox&btnid=SearchButton&brand=Technet&loc=en-US&resref=&addEnglish=&rn=&rq=&watermark=&focusOnInit=False&beta=0&iroot=Technet&overrideWatermark=false&cver=0%0d%0a" @ https://social.technet.microsoft.com/Forums/en-US/home

Blocked loading mixed active content "http://i1.social.s-msft.com/Forums/RequestReduceContent/1137f6ae0c6c7e7ceac4da6ce50ab853-5a2f94dc21073343ab81408279f43af3-RequestReducedScript.js" @ https://social.technet.microsoft.com/Forums/en-US/home
QA Contact: mwobensmith
Whiteboard: [mcb-chrome][mcb-ie?]
IE10 bad also.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Whiteboard: [mcb-chrome][mcb-ie?] → [mcb-chrome][mcb-ie]
Anyone have a microsoft contact we can ping for this?  Do they have a security@ type channel for their websites?
I have no idea and no contacts. It has been seven years since I worked there.
And this site (although it took me a number of trys before msdn stopped redirecting me back to the http version):

https://blogs.msdn.com/?Redirected=true

Blocked loading mixed active content "http://i1.blogs.msdn.com/rrcontent/040febf24fcc2200bac8689c2c661469-6861262f69c7b3f0a4ef5ad650fcc07b-RequestReducedStyle.css" @ https://blogs.msdn.com/?Redirected=true
Blocked loading mixed active content "http://i1.blogs.msdn.com/rrcontent/caca7208980eaf94bfaea2055c3b3aa9-ffc9f7e1f0412800af51bef62a866f63-RequestReducedStyle.css" @ https://blogs.msdn.com/?Redirected=true
Blocked loading mixed active content "http://ajax.aspnetcdn.com/ajax/jquery/jquery-1.5.2.min.js" @ https://blogs.msdn.com/?Redirected=true
Blocked loading mixed active content "http://i1.blogs.msdn.com/rrcontent/2ece30d43f884d4e7803b08e1edb1165-c5a6c30258db7599e5616c90a28418e6-RequestReducedScript.js" @ https://blogs.msdn.com/?Redirected=true
Blocked loading mixed active content "http://i4.services.social.microsoft.com/Search/Widgets/SearchBox.jss?boxid=SearchTextBox_Header&btnid=SearchButton_Header&brand=MSDN&refinement=109&resref=&addEnglish=&rn=&rq=&watermark=&focusOnInit=false&beta=0&iroot=&overrideWatermark=false" @ https://blogs.msdn.com/?Redirected=true
Blocked loading mixed active content "http://i1.blogs.msdn.com/rrcontent/29ac626f15a86b7184627da88610b06b-14e0c332a84e56b6d37629b4d8cac65a-RequestReducedScript.js" @ https://blogs.msdn.com/?Redirected=true
Blocked loading mixed active content "http://i1.blogs.msdn.com/rrcontent/aadc2cef66c17fefd3eb5fd36ee9b1ae-117977241f696e96a1f171968d5f437c-RequestReducedScript.js" @ https://blogs.msdn.com/?Redirected=true
Blocked loading mixed active content "http://i1.blogs.msdn.com/rrcontent/1098c64abfbf6e7a3a88d3e2d6c5a043-0504c0fa449b909ab2cb1f13355532e6-RequestReducedScript.js" @ https://blogs.msdn.com/?Redirected=true
And https://social.msdn.microsoft.com/profile/brian%20keller/

Blocked loading mixed active content "http://i1.social.s-msft.com/Profile/RequestReduceContent/a6b703a6b509bd4afc6ea4f6dc0f7b1d-d8a906d56d0fe2ce0112e846b1d6e9c9-RequestReducedStyle.css" @ https://social.msdn.microsoft.com/profile/brian%20keller/
Blocked loading mixed active content "http://ajax.aspnetcdn.com/ajax/jquery/jquery-1.7.1.min.js" @ https://social.msdn.microsoft.com/profile/brian%20keller/
Blocked loading mixed active content "http://i1.social.s-msft.com/Profile/RequestReduceContent/8b2d43a914cd6ad1ad7549b781b7c4db-6584225de39c1527dd5dd7bce11792ab-RequestReducedScript.js" @ https://social.msdn.microsoft.com/profile/brian%20keller/
Blocked loading mixed active content "http://i1.social.s-msft.com/Profile/RequestReduceContent/b08443bf478c4c3345587fc67a852969-ca0cdd54565a1bbc5bdc4ecb0c8f35c3-RequestReducedScript.js" @ https://social.msdn.microsoft.com/profile/brian%20keller/
Blocked loading mixed active content "http://ajax.aspnetcdn.com/ajax/jquery.validate/1.9/jquery.validate.min.js" @ https://social.msdn.microsoft.com/profile/brian%20keller/
Blocked loading mixed active content "http://ajax.aspnetcdn.com/ajax/jquery.templates/beta1/jquery.tmpl.min.js" @ https://social.msdn.microsoft.com/profile/brian%20keller/
Blocked loading mixed active content "http://i1.services.social.microsoft.com/Search/Widgets/SearchBox.jss?boxid=SearchTextBox&btnid=SearchButton&brand=Msdn&loc=en-US&resref=&addEnglish=&rn=&rq=&watermark=&focusOnInit=False&beta=0&iroot=&overrideWatermark=false&cver=0%0d%0a" @ https://social.msdn.microsoft.com/profile/brian%20keller/
Blocked loading mixed active content "http://i1.social.s-msft.com/Profile/RequestReduceContent/1dcdaebb21383dd629ebce42ea10174b-4958017e9b075eb845f64c6aa0bffbfe-RequestReducedScript.js" @ https://social.msdn.microsoft.com/profile/brian%20keller/
Summary: Mixed content blocked on https://social.technet.microsoft.com/forums → Mixed content blocked on https://social.technet.microsoft.com/forums and msdn pages
Whiteboard: [mcb-chrome][mcb-ie] → [mcb-chrome][mcb-ie][mcb-no-contact]
Note that for the msdn pages, you have to explicitly try to get to the https version.  Hence, msdn may be more of a problem for HTTPS Everywhere users than for our general users.

I have emailed secure@microsoft.com
> I have emailed secure@microsoft.com

They responded and said they have passed the info on to the site owners.
Whiteboard: [mcb-chrome][mcb-ie][mcb-no-contact] → [mcb-chrome][mcb-ie][mcb-third-party-notified]
Whiteboard: [mcb-chrome][mcb-ie][mcb-third-party-notified] → [mcb-chrome][mcb-ie][mcb-thirdparty-notified]
Assignee: english-us → nobody
Component: English US → Desktop
Whiteboard: [mcb-chrome][mcb-ie][mcb-thirdparty-notified] → [mcb-chrome][mcb-ie][mcb-thirdparty-notified] [country-us] [sitewait]
The site still exhibits the issue.
For Microsoft team:

1. Open Firefox 
2. Open Webdeveloper Tools Console and select [Net]
3. Load http://social.technet.microsoft.com/Forums/en-US/home
4. Notice all the mixed content Blocking.
Status: NEW → ASSIGNED
Assignee: nobody → kdubost
I have contacted Microsoft directly, my Tech Evangelism counterpart.
Looks we can repro this as well. I have filed a bug [msft ref#948935] with our TechNet team. Thanks so much for the heads up!
> Hey Karl, I circled back today and see that this no longer repros. 
> Are you seeing this behaviour anywhere else?
> 
> If not, we can close the bug, both on your side and mine.

I confirm this has been fixed.
Thanks a lot to Joseph and Microsoft teams.
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
I have the same problem for years, I have even installed windows 7 and 8.1 evaluation but it is still redirected ! I went to the police to make a declaration about it but they don't care about my problems.  I have contacted support but they keep closing my case. I also asked questions on the answers support page but they edit my post and then deleted my question. They also blocked my profile. HELP !
Also when I go to this site : http://www.microsoft.com/en-us/evalcenter/evaluate-windows-8-1-enterprise it is redirected to : 127.0.0.1, c.microsoft.com, nexus.ensighten.com/technet_evalcenter/Bootstrap.js, oss.maxcdn.com, client.akamai.com
Product: Tech Evangelism → Web Compatibility
You need to log in before you can comment on or make changes to this bug.