Feeds served over HTTPS act insecure (no SSL indicators)
Categories
(Firefox Graveyard :: RSS Discovery and Preview, defect, P3)
Tracking
(Not tracked)
People
(Reporter: philor, Unassigned, NeedInfo)
References
(Blocks 1 open bug, )
Details
Updated•18 years ago
|
Updated•18 years ago
|
Updated•18 years ago
|
Comment 1•18 years ago
|
||
Comment 2•18 years ago
|
||
Updated•18 years ago
|
Updated•18 years ago
|
Updated•18 years ago
|
Updated•18 years ago
|
Reporter | ||
Updated•17 years ago
|
Updated•17 years ago
|
Comment 3•16 years ago
|
||
Comment 4•16 years ago
|
||
Comment 7•15 years ago
|
||
Comment 10•12 years ago
|
||
Updated•12 years ago
|
Comment 15•8 years ago
|
||
Comment 16•8 years ago
|
||
Comment 24•6 years ago
|
||
Comment 25•6 years ago
|
||
Updated•6 years ago
|
Comment 26•5 years ago
|
||
Still busted. And now in the graveyard.
I can't reproduce this - does Firefox even support RSS any more? I thought we removed it.
Comment 28•5 years ago
|
||
(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #27)
I can't reproduce this - does Firefox even support RSS any more? I thought we removed it.
Bug 1465203 has recent information on how to reproduce.
Open this page: https://blog.mozilla.org/firefox/feed/
You'll get a page with https, but without security indicators.
Comment 29•5 years ago
|
||
Oh sorry, I was testing with 60.8
WIth 68.0, I don't get RSS display, but only a download offered.
Comment 30•5 years ago
|
||
That's because Mozilla have reconfigured all their feeds to download instead of display. (That is presumably to avoid displaying the underlying XML code as opposed to rendering them in a more human readable form like used to happen before they dropped support for that.) Meanwhile, much of the rest of the web still have their feeds set to display not download:
https://www.usa.gov/rss/updates.xml - Over https
https://feeds.bbci.co.uk/news/england/rss.xml - Over https but with mixed content. XSL transforms used to display feed as HTML.
http://rss.slashdot.org/Slashdot/slashdot - Over http
So, feeds served over HTTPS do seem to display with the correct security indicators.
Description
•