Closed
Bug 900449
Opened 11 years ago
Closed 11 years ago
https://www.ubuntu.si has active mixed content (iframe) that are blocked by the mixed content blocker
Categories
(Tech Evangelism Graveyard :: Slovenian, defect)
Tech Evangelism Graveyard
Slovenian
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: stefan-moz02, Unassigned)
References
()
Details
(Whiteboard: [mcb-chrome30+][mcb-ie?])
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0 (Beta/Release)
Build ID: 20130729175331
Steps to reproduce:
Visited https://www.ubuntu.si/ with FireFox 23 (currently in beta)
Actual results:
An iframe content was blocked by mixed content blocker. Error console:
Blocked loading mixed active content "http://www.indiegogo.com/project/461046/widget"
Expected results:
These resources should be loaded via https
(either by fixing the references on the site, or resolving Bug 776278)
Reporter | ||
Updated•11 years ago
|
Comment 1•11 years ago
|
||
In Chrome 30+, this is blocked without a way for the user to override because ubuntu.si sets the STS header, and hence really should not have mixed content.
[blocked] The page at https://www.ubuntu.si/ ran insecure content from http://www.indiegogo.com/project/461046/widget.
Matt, can you check IE when you get a chance? Thanks!
Whiteboard: [mcb-chrome30+][mcb-ie?]
Reporter | ||
Comment 2•11 years ago
|
||
Preventing mixed content based solely on presence of HSTS header would imply new meaning to the HSTS header, which is not standard (yet). See Bug 800098.
Web site maintainers notified via facebook:
https://www.facebook.com/UbuntuSlovenija/posts/599087090111616?comment_id=6678161
and email {andrejm,luka}@[site domain]
Reporter | ||
Comment 3•11 years ago
|
||
The iframe src on the site was fixed (changed from http to https) a few minutes ago, satisfying the mixed content blocker.
Comment 4•11 years ago
|
||
Thanks Stefan!
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Updated•10 years ago
|
Product: Tech Evangelism → Tech Evangelism Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•