Version: (using KDE Devel) Installed from: Compiled sources Compiler: g++ 3.3 (suse) OS: Linux There's no warning when view dot.kde.org on https despite the mixture of http and https content. This is with openssl-0.9.6i-10 on suse 8.2.
Reassigning to Konqueror, since it's the one that requests those references to be loaded.
AFAIK the only things in here that aren't encrypted are images. I think this matches other browsers' behaviour. Any reason we should change?
Subject: Re: No warning on mixture of secure and insecure content On Thursday 09 October 2003 16:16, you wrote: > ------- You are receiving this mail because: ------- > ------- Additional Comments From staikos@kde.org 2003-10-09 18:16 ------- > AFAIK the only things in here that aren't encrypted are images. I think > this matches other browsers' behaviour. Any reason we should change? It doesn't match IE. It also allows cookies that were created using the secure link to be transfered over an insecure one. I would also be worried that the same behaviour might apply to other embedded content which could use things like liveconnect to manipulate the (previously secure) page. Rich.
Ok, so basically the other browsers -used- to work the way we -presently- do, whereas we -used- to work the way other browsers -presently- do. Argh. The cookie issue seems valid, although it's kind of a site bug if it does that. Should we change to emulate IE's behaviour?
Note: firefox behaves as we do.
Message from the Bugsquad and Konqueror teams: This bug is closed as outdated, as we do not have the manpower to maintain the KDE3 version anymore. If you still can reproduce this issue with Konqueror 4.8.4 or later, please open a new report. Thank you for your understanding.