Closed
Bug 905666
Opened 11 years ago
Closed 11 years ago
Cannot follow links to non-secure pages within iframes in a secure page
Categories
(Firefox :: Untriaged, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 902350
People
(Reporter: nullpost-mz, Unassigned)
Details
Attachments
(1 file)
1.06 KB,
application/octet-stream
|
Details |
User Agent: Mozilla/5.0 (Windows NT 6.1; rv:23.0) Gecko/20100101 Firefox/23.0 (Beta/Release) Build ID: 20130730113002 Steps to reproduce: I found this on Drupal 7 websites that use the administrative overlay (which is in an iframe). But it can be reproduced like this: 1. Create a page with an iframe in it. 2. Have the page in the iframe contain a link using http. 3. Visit the page on a secure connection. 4. Click the link. I've attached a couple of test HTML files. Obviously don't run them from file://, you'll need to put them on a web server with a certificate. Actual results: You get the mixed content blocked shield in the address bar. In my test cases (Drupal) the link has a target of "_parent", i.e. you are leaving the iframe page so there shouldn't be a security risk. Expected results: It should go to the link. OR If that is a security risk for some reason, there needs to be better feedback. It took me around 5 mins of refreshing the page and clicking the link before I noticed this tiny shield icon in the address bar. Perhaps there could be an infobar like the one for when a popup window has been suppressed with a warning but the option to follow the link.
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•