Is there an option in firefox to allow browsing over mixed HTTP/HTTPS content?
Technically not a bug - I suspect that the site is mixing HTTP with HTTPS and firefox refused to consider the connection as secure. I was able to finish the payment using chrome though (I believe the content that was not under HTTPS is only consisting of images). --
The secure2gw.ro site offers an extra layer of security when performing card payments towards Romanian companies (it adds a password check on top of the card CVC and the rest of the data to avoid thefts). I have previously accessed this site without issues, but this morning I was unable to finish a payment transaction (I used chrome to perform the payment in the end); firefox offers this information:
The connection to the server was reset while the page was loading.
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem.
and a link to https://support.mozilla.org/en-US/kb/what-does-your-connection-is-not-secure-mean
On a browser on my android phone (lastpass), the message was a little more detailed and it complained about some gif file (I suspect that the page mixes HTTP with HTTPS, transferring the images over HTTP).
Although the fix would be that the site owners stop mixing HTTP with HTTPS, since I was able to actually perform the payment using chrome instead, I thought that this may concern Mozilla as well.
The first step on a transaction is to ask for my password - this page works well; the page that firefox complains about is a second step (where it probably receives the mixed insecure content).
פתרון נבחר
A "connection to the server was reset" has normally nothing to do with mixed content although the presence of active mixed content (js files and iframes) can cause a website to malfunction. "connection to the server was reset" means that the website or possibly some other software/server that is part of the network connection has terminated the connection.
Note that Google has encountered this issue as well while visiting the website.
- https://www.google.com/search?q=secure2gw.ro
- We are sorry, access denied.
כל התגובות (3)
פתרון נבחר
A "connection to the server was reset" has normally nothing to do with mixed content although the presence of active mixed content (js files and iframes) can cause a website to malfunction. "connection to the server was reset" means that the website or possibly some other software/server that is part of the network connection has terminated the connection.
Note that Google has encountered this issue as well while visiting the website.
- https://www.google.com/search?q=secure2gw.ro
- We are sorry, access denied.
I do not expect to be able to access the site in a normal fashion... So "access denied" is irrelevant here. You would need some session info/a payment transaction towards a Romanian company using a Romanian bank card. My only point was that I managed to pay the bill with Chrome... I am sorry I am not able to offer more significant info.
If there is blocked mixed content then you should see messages in the Web Console ("3-bar" menu button or Tools -> Web Developer).