Closed
Bug 908703
Opened 11 years ago
Closed 1 year ago
Change the Network Pane Mixed Content message mechanism to use the logic in Mixed Content Blocker for determining if a message is Mixed Content
Categories
(Core :: DOM: Security, defect, P3)
Tracking
()
RESOLVED
FIXED
People
(Reporter: ialagenchev, Unassigned)
References
(Blocks 2 open bugs)
Details
(Whiteboard: [domsecurity-backlog2])
We started logging Mixed Content messages in the security pane of the web console as part of bug 875456. Bug 737873 originally added the messages to the network pane, but used a less than perfect way for validating if a resource is mixed content. We want to now use the same logic that is employed by the MCB. An alternative and potentially better approach could be to use the notifications from nsSecurityConsoleService, which is planned to be introduced by bug 897240 since nsSecurityConsoleService notifications are triggered by MCB itself.
Updated•9 years ago
|
Component: Security → DOM: Security
Whiteboard: [domsecurity-backlog]
Updated•9 years ago
|
Blocks: MixedContentBlocker
Comment 1•9 years ago
|
||
If you go to https://wired.com, it will redirect to http://wired.com. The webconsole Net Panel, for some reason, still thinks the top level page is https://wired.com. It doesn't consider the redirect and readjust the the top level page. Hence, we end up with tons of mixed content warnings in the Net panel since http://wired.com loads lots of http:// content.
Brian, is the fact that the webconsole doesn't update the request.url after a redirect a known issue[1]? Is it something that will get fixed, or should we just turn off Mixed Content warnings in the Net panel? And stick to the ones in the Security panel, which are accurate (or at least designed to be accurate :).
Thanks!
[1] http://mxr.mozilla.org/mozilla-central/source/devtools/client/webconsole/webconsole.js#1600
Flags: needinfo?(bgrinstead)
Comment 2•8 years ago
|
||
When you say mixed content warnings in the new panel do you mean the 'broken lock' icon showing up on requests? Because those show up even if the original page loaded is http://wired.com. IIRC it was decided to show the insecury iconography for all http requests inside this thread: https://groups.google.com/d/msg/mozilla.dev.developer-tools/y3MqhAGLMjg/SyY93QPuBgAJ.
> 1. HTTPS OK - green lock
> 2. HTTPS weak - grey lock with yellow warning triangle
> 3. HTTPS failed - grey warning triangle
> 4. HTTP OK - struck-through lock
> 5. localhost - globe
Flags: needinfo?(bgrinstead)
Comment 3•8 years ago
|
||
Tanvi, can you answer Brians answer/question - I think it would be nice to get this bug resolved!
Flags: needinfo?(tanvi)
Priority: -- → P2
Updated•8 years ago
|
Priority: P2 → P3
Whiteboard: [domsecurity-backlog] → [domsecurity-backlog2]
Comment 4•7 years ago
|
||
Clearing my ni? queue at the moment. Since Kate is taking on the work for mixed content, I think this is something she might look into as well, hence I am making this bug block bug 1295777.
Blocks: 1295777
Flags: needinfo?(tanvi)
Updated•2 years ago
|
Severity: normal → S3
Updated•1 year ago
|
Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•