Bug 312717 - Redirect after typing https URL is not subjected to the "leaving https" warning
Summary: Redirect after typing https URL is not subjected to the "leaving https" warning
Status: REPORTED
Alias: None
Product: konqueror
Classification: Applications
Component: general (other bugs)
Version First Reported In: 21.12.3
Platform: openSUSE Linux
Importance: NOR normal
Target Milestone: ---
Assignee: Konqueror Bugs
URL: https://freemail.web.de
Reported: 2013-01-05 23:29 UTC by Frieder Ferlemann
Modified: 2023-01-01 10:15 UTC

Description Frieder Ferlemann 2013-01-05 23:29:45 UTC
Probably I should have filed this earlier.

konqueror is also affected by the issue reported here: https://bugzilla.mozilla.org/show_bug.cgi?id=626474

Reproducible: Always

Steps to Reproduce:
1. konqueror https://freemail.web.de/
Actual Results:  
http://web.de/fm

Without warning you are about to compromise login data by transmitting in clear text


Expected Results:  
https://web.de/fm

Bug https://bugs.kde.org/show_bug.cgi?id=307221 looks somewhat related

Other scenarios where dropping from https:// to http:// is a problem exist.
Comment 1 Dawit Alemayehu 2013-01-27 15:54:38 UTC
Sorry, but I fail to see why you should get a warning in this case. The redirection takes place before the content you requested when you typed the address/url has been displayed. IOW, you did not yet get any visual cue from the site that would lead you to believe that it is a secure site. Instead the server automatically redirects you to a non secure site. The fact that the secure site visual cues displayed by the browser should be indication enough that you are in a non-protected site. Otherwise, we would end up with the opposite problem where we would be popping this useless warning message over and over again.

The case of bug# 307221 is completely different. In that case, the server does send back the content from a secure site, but some of the links on the content sent back (images, style-sheets, etc) have origins that are from non secure sites. As such, there is no way for the user to tell that some image or stylesheet comes from a non-secure site unless the browser provides that information. BTW, if the redirection happens in this scenario, it should result in the user being informed.

Anyhow, I am not really opposed to warning the user for this, but doing so in this case seems to me to be at least a redundant action and at worst an unnecessary interruption.
Comment 2 Andrew Crouthamel 2018-11-09 01:01:58 UTC
Dear Bug Submitter,

This bug has been stagnant for a long time. Could you help us out and re-test if the bug is valid in the latest version? I am setting the status to NEEDSINFO pending your response, please change the Status back to REPORTED when you respond.

Thank you for helping us make KDE software even better for everyone!
Comment 3 Andrew Crouthamel 2018-11-18 03:29:37 UTC
Dear Bug Submitter,

This is a reminder that this bug has been stagnant for a long time. Could you help us out and re-test if the bug is valid in the latest version? This bug will be moved back to REPORTED Status for manual review later, which may take a while. If you are able to, please lend us a hand.

Thank you for helping us make KDE software even better for everyone!
Comment 4 Frieder Ferlemann 2018-11-18 09:04:43 UTC
Hi,
I have not been able to reproduce this with the link I have given in the original report (or with other links I tried). They all default to https now.
This might be different in other parts of the world where https is not wanted/allowed.
Comment 5 Justin Zobel 2022-12-23 00:28:21 UTC
Thank you for reporting this issue in KDE software. As it has been a while since this issue was reported, can we please ask you to see if you can reproduce the issue with a recent software version?

If you can reproduce the issue, please change the status to "REPORTED" when replying. Thank you!
Comment 6 Frieder Ferlemann 2023-01-01 10:11:58 UTC
Dear Justin,

thank you for looking into this!

If "https://neverssl.com" is typed into the address field then konqueror still silently opens a non https page. Like:
http://funinnerlushpathway.neverssl.com/online/
http://shiningsublimeshinylight.neverssl.com/online/

(Konqueror 21.12.3 openSUSE)
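
Added example, not part of the bug thread and not Konqueror code: a Python check that walks a redirect chain hop by hop and reports the first hop that drops from https to http, which is the behaviour this report describes. The `SAMPLE` responses, the `secure.example` host and all function names are constructed for illustration; the 302 status for the reported URL is an assumption.

```python
"""Flag an https -> http hop in a redirect chain (the behaviour reported above)."""
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

# Constructed responses. The first entry models the report (https URL typed,
# http://web.de/fm displayed); the 302 status code is an assumption.
SAMPLE = {
    "https://freemail.web.de/": (302, "http://web.de/fm"),
    "https://secure.example/": (301, "/login"),  # relative Location
    "https://secure.example/login": (302, "https://secure.example/home"),
}

def sample_fetch(url):
    """Offline stand-in for live_fetch: (status, Location) from SAMPLE."""
    return SAMPLE.get(url, (200, None))

def live_fetch(url, timeout=10):
    """One HEAD request without following redirects (needs network access)."""
    u = urlsplit(url)
    https = u.scheme == "https"
    cls = http.client.HTTPSConnection if https else http.client.HTTPConnection
    conn = cls(u.hostname, u.port, timeout=timeout)
    try:
        conn.request("HEAD", (u.path or "/") + ("?" + u.query if u.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def find_downgrade(start_url, fetch=sample_fetch, max_hops=10):
    """Return (chain, hop); hop is the first (https_url, http_url) pair or None."""
    chain, url = [start_url], start_url
    for _ in range(max_hops):
        status, location = fetch(url)
        if status not in REDIRECT_CODES or not location:
            return chain, None  # final response reached, scheme never dropped
        nxt = urljoin(url, location)  # resolve a relative Location header
        chain.append(nxt)
        if urlsplit(url).scheme == "https" and urlsplit(nxt).scheme == "http":
            return chain, (url, nxt)
        url = nxt
    raise RuntimeError("redirect limit reached")

if __name__ == "__main__":
    for start in ("https://freemail.web.de/", "https://secure.example/"):
        chain, hop = find_downgrade(start)
        print(" -> ".join(chain), "| downgrade:", hop)
```

Pass `fetch=live_fetch` to test a real site. Only HTTP-level redirects (3xx with a `Location` header) are covered; redirects performed by page content are not.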