Error when trying to save HTTP content with the HTTPS-only mode on
Categories
(Core :: DOM: Security, defect, P3)
Tracking
()
People
(Reporter: andremonizbr, Assigned: mjurgens)
References
(Blocks 1 open bug)
Details
(Whiteboard: [domsecurity-active])
Attachments
(1 file)
|
(deleted),
text/x-phabricator-request
|
Details |
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0
Steps to reproduce:
Enable the HTTPS-only mode
Open an HTTPS page that has direct HTTP links to files
Example: https://www.inoreader.com/feed/https%3A%2F%2Ffeeds.feedburner.com%2Fdsoh (requires an account to show the download links)
Actual results:
Firefox shows a popup with this error:
The download cannot be saved because an unknown error occurred. Please try again
Expected results:
Firefox should warn the user about the HTTP download and ask if he wants to download the file anyway, or at least be more specific about the error.
Missed the last step:
Right-click on one of the HTTP links and use the "Save link as..." option.
|
||
Comment 2•4 years ago
|
||
Logged in and tried to find the HTTP download links but couldn't find them. (for ex this one https://www.deepershades.net/dsoh-shows/deeper-shades-of-house-693-guest-mix-by-reezo-hassan.html had the "download first hour" as HTTPS connection).
Could you please send a link with a page from that site that has that download link with the insecure connection?
However, moving this over to its component. If that vague error shows up, it would be indeed nice to have a more specific error message.
Timea, the problematic download links are provided by their feed (and point to http://feeds.deepershades.net ), that's why I linked to a feed reader. You'd have to change the view mode to "extended view" to see them.
Anyway, I've made this for you to test it faster: https://firefox-test.000webhostapp.com/ .
|
|
||
Comment 4•4 years ago
|
||
Reproducible on the latest Firefox Beta and Nightly versions (HTTPS-only is not a feature enabled by default in Release). Setting this up as a defect for now but it could also be considered an enhancement. The development team will look into this further.
Thank you very much for the simplified testcase and for the report!
|
||
Updated•4 years ago
|
|
||
Comment 5•4 years ago
|
||
Also see bug 1662138
|
|
||
Comment 6•3 years ago
|
||
We should evaluate all download related bugs for https-first, hence marking this bug as blocking Bug 1704453.
Please mark my previous comments as outdated. Here's a new test page: https://bug1674859.netlify.app/
[Tracking Requested - why for this release]:
|
Assignee | |
Comment 9•1 year ago
|
||
This does not seem to affect HTTPS-First
|
|
Assignee | |
Updated•1 year ago
|
|
|
Assignee | |
Comment 10•1 year ago
|
||
|
||
Updated•1 year ago
|
|
||
Comment 11•1 year ago
|
||
|
||
Comment 12•1 year ago
|
||
| bugherder | ||
|
||
Updated•1 year ago
|
|
||
Updated•1 year ago
|
|
||
Comment 13•1 year ago
|
||
Reproducible on a 2023-07-09 Nightly build on Windows 10.
Verified as fixed on Firefox 117.0b5(build ID: 20230808215502) and Nightly 118.0a1(build ID: 20230809213044) on Windows 10, macOS 12, Ubuntu 22.
Description
•