F12 tools fails to report HTTPS compromise
Issue #7999167 • Assigned to Divya G.
Details
- Author
- Richard S.
- Created
- Jun 26, 2016
- Privacy
- This issue is public.
- Reports
- Reported by 1 person
Sign in to watch or report this issue.
Steps to reproduce
Visit https://developer.microsoft.com/en-us/ with F12 console open. Note that only one SEC7111 HTTPS compromise is reported. Look at the network tab and note that there are three fonts loaded over HTTP.
Attachments
2 attachments
Comments and activity
-
Microsoft Edge Team
Brad E. Jun 27, 2016 2016-06-27T13:57:34.173Z
Changed Assigned To to “Brad E.”
-
Brad E. Jul 28, 2016 2016-07-28T16:18:52.1Z Microsoft Edge Team
Thanks for the feedback and please accept our apologies for the delay in responding to you on this item.
At this time I do not see any errors in the console, though I do see the fonts you are referring to being loaded in the network tab. We are wondering if there is some kind of difference in our environments that is responsible for this. Or possibly something in the page has changed that fixed this.
All the best,
The MS Edge Team -
Richard S. Jul 28, 2016 2016-07-28T20:54:32.603Z
Clear your cache entirely. HSTS has recently been enabled for www.microsoft.com so if you do not clear your cache you likely have HSTS cached which translates the requests from HTTP to HTTPS mitigating the compromise. On a system running RS1 14393.5 and a completely cleared cache, Edge will fetch from the following when accessing this page
https://developer.microsoft.com/en-us/
https://developer.microsoft.com/en-us/devmsft.css
https://www.google-analytics.com/analytics.js
https://c.microsoft.com/ms.js
https://i.s-microsoft.com/fonts/segoe-ui/west-european/bold/latest.woff2
https://i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.woff2
https://i.s-microsoft.com/fonts/segoe-ui/west-european/Semilight/latest.woff2
http://www.microsoft.com/fonts/segoe-ui/west-european/Semilight/latest.woff2
http://www.microsoft.com/fonts/segoe-ui/west-european/bold/latest.woff2
http://www.microsoft.com/fonts/segoe-ui/west-european/normal/latest.woff2The F12 console reports a compromise for the last request only. The first two HTTP font requests are not reported.
-
Microsoft Edge Team
OSG V. Aug 2, 2016 2016-08-02T22:07:10.943Z
Changed Assigned To to “Leo L.”
OSG V. Aug 4, 2016 2016-08-04T18:48:16.25Z
Changed Assigned To to “Venkat K.”
Steve B. Aug 4, 2016 2016-08-04T19:32:15.387Z
Changed Assigned To from “Venkat K.” to “Rob T.”
Venkat K. Oct 10, 2016 2016-10-10T02:35:56.63Z
Changed Assigned To from “Rob T.” to “Divya G.”
You need to sign in to your Microsoft account to add a comment.
Sign in