Closed Bug 917240 Opened 11 years ago Closed 10 years ago

http://www.sainsburys.co.uk online shopping: cannot reopen orders because of mixed content blocking

Categories

(Tech Evangelism Graveyard :: English Other, defect)

Product:
Tech Evangelism Graveyard
Component:
English Other
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: gerv, Unassigned)

References

Details

Sainburys online shopping breaks because of mixed content blocking. They have discovered the issue themselves, and put up a page:
http://help.sainsburys.co.uk/help/website/mozilla-firefox-issues

That page has numerous factual errors, and places the blame on Firefox for their use of mixed content. Either the person who wrote that page has been poorly informed, or they are misleading their customers (including me). The email they sent said that they have contacted us about this, but the lead developer of the feature has had no contact from them, and searching Bugzilla turns up nothing.

We should reach out to Sainsburys and help them to understand the issue properly, and fix it.

Gerv
I don't know how to reproduce this issue without creating an account on their site, making an order, going into "My Orders" and clicking "Amend Order". So someone with a Sainsburys account will need to test this.

Gerv
I sent the following to Sainsburys via their web form:

Dear Sainsburys,

Please can you pass this email to your web development team?

I am with Mozilla (and a Sainsburys customer), and was concerned to read your recently-issued advice about our mixed content blocking: http://help.sainsburys.co.uk/help/website/mozilla-firefox-issues . 

I received an email from Sainsburys informing me about that web page, which claimed: "We've contacted Mozilla and they are working on an updated version of the browser to fix these issues." However, here at Mozilla we cannot find any record of being contacted by Sainsburys about this. Who did you speak to?

The problem here is with the web site, not with Firefox. Mozilla has recently moved to block insecurely-loaded resources inside securely-loaded pages. Allowing such loads compromises the security of the page. Chrome and IE have similar protection (either a block or a warning); the reason your site works in those browsers is that their protection against this problem is not quite as extensive as ours (but might become so in the future).

To fix this, you need to consistently use HTTP or HTTPS for all the resources and sub-resources of a page. In this case, as far as I can see, you have an HTTP page which is loading an HTTPS iframe, which itself is loading an HTTP sub-resource. This load is blocked, which causes the page not to work.

There is a tracking bug in our bug system to track Sainsburys' resolution of this issue:
https://bugzilla.mozilla.org/show_bug.cgi?id=917240

Mozilla requests that Sainsburys update their advice web page to correctly identify the source of the problem, which is not with Mozilla. We feel that advising all Sainsburys users to not use Firefox is unreasonable (and unlikely to happen). We are very happy to work with you in fixing your site so that it does not use mixed content.

Please feel free to contact me if I can be of any more help in this matter. 

Gerv
gerv@mozilla.org
Sainsburys have now fixed their site.

Gerv
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WORKSFORME
Blocks: 844556
Product: Tech Evangelism → Tech Evangelism Graveyard
You need to log in before you can comment on or make changes to this bug.