Closed
Bug 1291448
Opened 8 years ago
Closed 8 years ago
about:neterror is not considered a secure page and can be mixed content blocked
Categories
(Core :: DOM: Security, defect)
Core
DOM: Security
Tracking
()
RESOLVED
DUPLICATE
of bug 1293476
People
(Reporter: bkelly, Unassigned)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
|
(deleted),
image/png
|
Details |
Screenshot 2016-08-02 16.58.52.png
While investigating bug 1290116 I discovered that we can block our own about:neterror page as insecure mixed content. (See the attached screenshot.)
It seems like we should perhaps treat about:neterror as a secure origin or at least exempt it from mixed content blocking.
Tanvi, what do you think?
Flags: needinfo?(tanvi)
|
Reporter | |
Updated•8 years ago
|
|
||
Comment 1•8 years ago
|
||
But 1293476 has some discussion that might be relevant...
Depends on: 1293476
|
||
Comment 2•8 years ago
|
||
Yes, this is likely the same problem described here: https://bugzilla.mozilla.org/show_bug.cgi?id=1293476#c7
Does about:neterror have the URI_SAFE_TO_LOAD_IN_SECURE_CONTEXT URI flag set on it?
Flags: needinfo?(tanvi)
Component: Security → DOM: Security
|
||
Updated•8 years ago
|
Blocks: MixedContentBlocker
|
|
||
Comment 3•8 years ago
|
||
Henry, is that the same problem as in Bug 1293476? If so, please make it as a dup.
Flags: needinfo?(hchang)
|
||
Comment 4•8 years ago
|
||
Yes it is! Making it as a dup :)
Status: NEW → RESOLVED
Closed: 8 years ago
Flags: needinfo?(hchang)
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•