Closed
Bug 895574
Opened 11 years ago
Closed 10 years ago
https://www.ea.com does not work properly because of mixed content blocking
Categories
(Tech Evangelism Graveyard :: English US, defect)
Tech Evangelism Graveyard
English US
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: tanvi, Unassigned)
References
()
Details
(Whiteboard: [mcb-chrome][mcb-ie][mcb-no-contact])
+++ This bug was initially created as a clone of Bug #892810 +++ Mixed content blocking is a feature that prevents insecure elements on secure pages from loading. In Firefox 23, this feature will default to blocking "active" insecure content, which may break some web sites. More information on Firefox's Mixed Content Blocker is below: http://blog.mozilla.org/tanvi/2013/04/10/mixed-content-blocking-enabled-in-firefox-23/ The security feature is currently breaking the HTTPS version ea.com. The following HTTP css and javascript content is Blocked: Blocked loading mixed active content "http://web-static.ea.com/atlas/sw-combine/1374078725/459cb1dc4fa76b8c3948dfa4933b8890.css?v=1374078725" @ https://www.ea.com/ Blocked loading mixed active content "http://web-static.ea.com/atlas/sw-combine/1374078725/6f7f59608e57ea63b42b0b6cbd84b0e7.css?v=1374078725" @ https://www.ea.com/ Blocked loading mixed active content "http://web-static.ea.com/atlas/ui/skin/basiq/css/font-locator-klavika.css?v=12" @ https://www.ea.com/ Blocked loading mixed active content "http://fonts.ea.com/ipn3tud.js" @ https://www.ea.com/ Blocked loading mixed active content "http://web-static.ea.com/atlas/sw-combine/1374078725/aa9b219f67624074aa6ae611eb06bda0.js?v=1374078725" @ https://www.ea.com/ Blocked loading mixed active content "http://web-static.ea.com/atlas/sw-combine/1374078725/36a1a0d2fdf1f7ba7dcc49241f559ca1.js?v=1374078725" @ https://www.ea.com/ Blocked loading mixed active content "http://connect.facebook.net/en_US/all.js#xfbml=1" @ https://www.ea.com/ Blocked loading mixed active content "http://static.ak.fbcdn.net/connect.php/js/FB.Share" @ https://www.ea.com/ Blocked loading mixed active content "http://platform.twitter.com/widgets.js" @ https://www.ea.com/ Blocked loading mixed active content "http://display.digitalriver.com/?aid=244&tax=eapmg" @ https://www.ea.com/ Blocked loading mixed active content "http://resources.ea.com/omniture/utils.js" @ https://www.ea.com/ Blocked loading mixed active content "http://resources.ea.com/omniture/s_code_remote_v02.js" @ https://www.ea.com/ Blocked loading mixed active content "http://resources.ea.com/omniture/omniture_wrapper.js" @ https://www.ea.com/ This issue should also exist for your IE and Chrome users (although I have not confirmed on IE). To fix this security issue, serve the content over HTTPS and change the link in the HTML source to point to the https:// version of the content. This was originally reported by a user in bug https://bugzilla.mozilla.org/show_bug.cgi?id=844556#c29
Reporter | ||
Comment 1•11 years ago
|
||
Matt, can you test this in IE?
Comment 2•11 years ago
|
||
SSL cert error on IE10.
Reporter | ||
Comment 3•11 years ago
|
||
Looks like they made some change today and now the affected url is https://www.ea.com. The cert isn't valid for https://ea.com. Matt, can you check the www domain on IE?
URL: https://ea.com → https://www.ea.com
Summary: https://ea.com does not work properly because of mixed content blocking → https://www.ea.com does not work properly because of mixed content blocking
Comment 4•11 years ago
|
||
Using https://www.ea.com I do indeed see a mixed content warning in IE10.
Whiteboard: [mcb-chrome][mcb-ie?][mcb-no-contact] → [mcb-chrome][mcb-ie][mcb-no-contact]
Comment 5•11 years ago
|
||
Tweeted to them about this bug (while waiting to try and find a proper contact) https://twitter.com/lsblakk/status/358322510401519616
Comment 6•10 years ago
|
||
Looks like they have fixed it, kinda. http -h GET https://www.ea.com User-Agent:'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:29.0) Gecko/20100101 Firefox/29.0' HTTP/1.1 301 Moved Permanently Location: http://www.ea.com/
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WORKSFORME
Updated•9 years ago
|
Product: Tech Evangelism → Tech Evangelism Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•