You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2019/05/13 03:21:01 UTC
[Bug 63424] New: upgrade-insecure-requests is randomly applied
https://bz.apache.org/bugzilla/show_bug.cgi?id=63424
Bug ID: 63424
Summary: upgrade-insecure-requests is randomly applied
Product: Apache httpd-2
Version: 2.4.39
Hardware: PC
OS: Mac OS X 10.1
Status: NEW
Severity: normal
Priority: P2
Component: mod_headers
Assignee: bugs@httpd.apache.org
Reporter: mvolaski@aecom.yu.edu
Target Milestone: ---
The directive Header always set Content-Security-Policy
"upgrade-insecure-requests;" is applied randomly. For on Mac Firefox, 66.0.5,
the page
https://www.wormatlas.org/SW/SW.php/
shows random results when clicking the arrows to navigate the images
The first entry works
Content Security Policy: Upgrading insecure request
‘http://wormatlas.org/SW/SW.php/label.jpg’ to use ‘https’
Subsequent entries do not
Blocked loading mixed active content
“http://wormatlas.org/SW/SW.php/zoomify.php?sworm=undefined_31”[Learn More]
This may be a Firefox bug.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 63424] upgrade-insecure-requests is randomly applied
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=63424
Christophe JAILLET <ch...@wanadoo.fr> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |INVALID
Status|NEW |RESOLVED
--- Comment #1 from Christophe JAILLET <ch...@wanadoo.fr> ---
It is unlikely an httpd issue.
AFAIK, the string "upgrade-insecure-requests" is not part of the httpd.
So it is either related to a specific configuration, or a php script.
So, we need more information that shows that there is a bug related to httpd,
or we can not help/investigate further.
Setting as CLOSED/INVALID for now, but feel free to reopen if needed.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org