View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0002010||Xdebug||Documentation||public||2021-08-24 14:08||2021-09-06 14:26|
|Summary||0002010: Instructions using https://xdebug.org/wizard provides HTTP download link when viewing page over HTTPS|
The generated instructions for installing XDebug will contain a download link for Step 1 every time. This download link directs the user to download the source files over HTTP. However, when following said link, the server will respond with a 307 response code redirecting the user to download the resource over HTTPS.
When using the Installation Wizard over HTTP, this is not an issue. However, when using the Installation Wizard over HTTPS, this causes a "Mixed Content" error and the download is silently blocked by the client browser (browser details in steps to reproduce).
|Steps To Reproduce|
Error message displayed in Console tab of inspect panel:
Mixed Content: The site at 'https://xdebug.org/' was loaded over a secure connection, but the file at 'https://xdebug.org/files/xdebug-3.0.4.tgz' was redirected through an insecure connection. This file should be served over HTTPS. This download has been blocked. See https://blog.chromium.org/2020/02/protecting-users-from-insecure.html for more details.
|Tags||No tags attached.|
|Operating System||Fedora 33|