You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2019/05/13 03:21:01 UTC

[Bug 63424] New: upgrade-insecure-requests is randomly applied

https://bz.apache.org/bugzilla/show_bug.cgi?id=63424

            Bug ID: 63424
           Summary: upgrade-insecure-requests is randomly applied
           Product: Apache httpd-2
           Version: 2.4.39
          Hardware: PC
                OS: Mac OS X 10.1
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_headers
          Assignee: bugs@httpd.apache.org
          Reporter: mvolaski@aecom.yu.edu
  Target Milestone: ---

The directive Header always set Content-Security-Policy
"upgrade-insecure-requests;" is applied randomly. For on Mac Firefox, 66.0.5,
the page 
https://www.wormatlas.org/SW/SW.php/

shows random results when clicking the arrows to navigate the images

The first entry works
Content Security Policy: Upgrading insecure request
‘http://wormatlas.org/SW/SW.php/label.jpg’ to use ‘https’

Subsequent entries do not
Blocked loading mixed active content
“http://wormatlas.org/SW/SW.php/zoomify.php?sworm=undefined_31”[Learn More]

This may be a Firefox bug.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 63424] upgrade-insecure-requests is randomly applied

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=63424

Christophe JAILLET <ch...@wanadoo.fr> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |INVALID
             Status|NEW                         |RESOLVED

--- Comment #1 from Christophe JAILLET <ch...@wanadoo.fr> ---
It is unlikely an httpd issue.

AFAIK, the string "upgrade-insecure-requests" is not part of the httpd.
So it is either related to a specific configuration, or a php script.


So, we need more information that shows that there is a bug related to httpd,
or we can not help/investigate further.


Setting as CLOSED/INVALID for now, but feel free to reopen if needed.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org