View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0002010||Xdebug||Documentation||public||2021-08-24 14:08||2021-09-06 14:26|
|Summary||0002010: Instructions using https://xdebug.org/wizard provides HTTP download link when viewing page over HTTPS|
|Description||The generated instructions for installing XDebug will contain a download link for Step 1 every time. This download link directs the user to download the source files over HTTP. However, when following said link, the server will respond with a 307 response code redirecting the user to download the resource over HTTPS.|
When using the Installation Wizard over HTTP, this is not an issue. However, when using the Installation Wizard over HTTPS, this causes a "Mixed Content" error and the download is silently blocked by the client browser (browser details in steps to reproduce).
|Steps To Reproduce||- Open a chromium based browser (myself: Brave Browser V1.28.106 (Aug 19, 2021); based on Chromium: 92.0.4515.159)|
- Navigate to https://xdebug.org/wizard
- paste in output from your "php -i" command
- Click download link from Step 1
|Additional Information||Error message displayed in Console tab of inspect panel:|
Mixed Content: The site at 'https://xdebug.org/' was loaded over a secure connection, but the file at 'https://xdebug.org/files/xdebug-3.0.4.tgz' was redirected through an insecure connection. This file should be served over HTTPS. This download has been blocked. See https://blog.chromium.org/2020/02/protecting-users-from-insecure.html for more details.
|Tags||No tags attached.|
|Operating System||Fedora 33|