Open Bug 904807 Opened 11 years ago Updated 2 years ago

Permission denied to create wrapper for object of class UnnamedClass

Categories

(Core :: Security, defect)

23 Branch
x86_64
Windows 7
defect

People

(Reporter: allen_anselmo, Unassigned)

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.95 Safari/537.36

Steps to reproduce:

Opened the https://bioticssk.natureserve.org mapper system in firefox 23.0, which automatically loads information from insecure (http) ArcGIS server 10.1 REST interfaces using the ArcGIS javascript API esri.request functionality (based on dojo framework ajax calls).


Actual results:

Each request threw back exceptions of "Permission denied to create wrapper for object of class UnnamedClass" and thus failed to load, stopping the page from accessing those layers.


Expected results:

The layers should have been accessed, loaded into the map and added to the interface for the users to be able to manipulate their GIS content. This works in IE 9/10 and Chrome once you click through the loading insecure content errors, but firefox doesn't have that sort of thing and instead is throwing these exceptions.

We have client programs in every US state and Canadian province that are going to be using these sites and Firefox has been our suggested browser until this, but this bug is crippling and I hope can be bypassed or fixed quickly.
(In reply to Allen Anselmo from comment #0)
> Opened the https://bioticssk.natureserve.org mapper system in firefox 23.0
Credentials needed
Blocks: 786852
Component: Untriaged → Security
Product: Firefox → Core
Apologies, had to create them.

user: FirefoxDev / pass: FirefoxTemp

Click on View Map once in the main menu. It should throw all the errors on loading the layers in the map page.
Further apologies, I had to disable the account on bioticsk and provide one on our pilot instead.

Go to https://bioticspilot.natureserve.org/biotics/services/page/map.html

Same credentials above.

Error is only happening for one layer being called insecurely instead of 12, but the same issue applies.
(In reply to Allen Anselmo from comment #2)
> Click on View Map once in the main menu. It should throw all the errors on
> loading the layers in the map page.
Confirmed
Status: UNCONFIRMED → NEW
Ever confirmed: true
I see some "blocked loading mixed active content" errors in error console.
Tanvi, any thoughts please ?
Flags: needinfo?(tanvi)
Wow. Looking at http://blog.mozilla.org/tanvi/ apparently they've just added blocked mixed content to firefox without warning. And like chrome, they've gone the route of adding a too-subtle shield to the url bar as the only indication that it's blocking it. I guess this is as designed then. If you click the shield and in the drop-down select Disable Protection for this Page, it fixes the issue and the insecure layer loads fine.

The _lack_ of this sort of warning was actually something that led us to prefer firefox for our clients using this. I honestly think both Firefox and Chrome need to do more than show a tiny shield, they should pop up a warning to users when this happens.

In any case, thanks for looking into this and bringing the name Tanvi to my attention so that I discovered this article.
(In reply to Allen Anselmo from comment #6)
> The _lack_ of this sort of warning was actually something that led us to
> prefer firefox for our clients using this. I honestly think both Firefox and
> Chrome need to do more than show a tiny shield, they should pop up a warning
> to users when this happens.
> 

Improving the discoverability of the Mixed Content Blocker is being discussed in bug https://bugzilla.mozilla.org/show_bug.cgi?id=834828. The most recent update that I have is that UX is working on some mockups to test out different animations that we could use to make the shield more visible.
Blocks: 844556
Flags: needinfo?(tanvi)
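
Added example, not part of the bug thread or of any project's code: a small audit that flags which of a page's requests would count as mixed content when the page itself is served over https, the situation this bug describes with http ArcGIS REST calls. The hostnames, paths, request-kind labels and function names are constructed for illustration.

```javascript
// Added example (not from the bug thread): audit a page's requests for mixed content.
// Kinds that can script or restyle the page. Loaded over http from an https page they
// are "mixed active content", the category the error console in this bug reports.
const ACTIVE_KINDS = new Set(["xhr", "fetch", "script", "stylesheet", "iframe"]);
// Display-only kinds ("mixed passive content").
const PASSIVE_KINDS = new Set(["image", "audio", "video"]);

function classifyRequest(pageUrl, resourceUrl, kind) {
  const page = new URL(pageUrl);
  // Resolve relative and protocol-relative URLs the way the browser would.
  const res = new URL(resourceUrl, page);
  if (page.protocol !== "https:") return "not-applicable"; // page is not secure itself
  if (res.protocol !== "http:") return "ok";
  if (ACTIVE_KINDS.has(kind)) return "mixed-active";
  if (PASSIVE_KINDS.has(kind)) return "mixed-passive";
  return "mixed-active"; // unknown kinds get the stricter verdict
}

function auditRequests(pageUrl, requests) {
  return requests
    .map((r) => ({ ...r, verdict: classifyRequest(pageUrl, r.url, r.kind) }))
    .filter((r) => r.verdict.startsWith("mixed"))
    .map((r) => {
      // Suggested fix: same URL over https. The server must actually offer TLS there.
      const fixed = new URL(r.url, pageUrl);
      fixed.protocol = "https:";
      return { ...r, suggested: fixed.href };
    });
}

// Constructed sample input: an https map page and the requests it makes.
const SAMPLE_PAGE = "https://maps.example.test/services/page/map.html";
const SAMPLE_REQUESTS = [
  { url: "http://gis.example.test/arcgis/rest/services/Species/MapServer?f=json", kind: "xhr" },
  { url: "https://gis.example.test/arcgis/rest/services/Base/MapServer?f=json", kind: "xhr" },
  { url: "//cdn.example.test/api/init.js", kind: "script" },
  { url: "http://tiles.example.test/0/0/0.png", kind: "image" },
];

console.log(auditRequests(SAMPLE_PAGE, SAMPLE_REQUESTS));
```

Running such a check over a deployment's layer configuration before release surfaces the http endpoints that need a TLS-enabled URL, instead of relying on each user to disable protection per page.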
Note that if anyone gets this error while writing a mochitest, it can be fixed by adding
> netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");

(totally unrelated to this bug, but it was the first resource I found with a search engine).
Flags: needinfo?(allen_anselmo)
Severity: normal → S3