搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

HTTPS displays as non secure for RBC bank

more options

I went to the web site "https://jobs.rbc.com/ca/en" and Firefox shows lock with a caution symbol icon, see enclosed. However when I open "web developer" then "network" to view what part is not secure none of the components are insecure even when I scroll through the list.

Why does Firefox 64 show the site as insecure?

I went to the web site "https://jobs.rbc.com/ca/en" and Firefox shows lock with a caution symbol icon, see enclosed. However when I open "web developer" then "network" to view what part is not secure none of the components are insecure even when I scroll through the list. Why does Firefox 64 show the site as insecure?
已附加屏幕截图

由user226514887665625432230708206477982186438于修改

所有回复 (7)

more options

Hello mace2,

Would you please take a look at this article :

https://support.mozilla.org/en-US/kb/mixed-content-blocking-firefox

When you scroll down some, you will see :

A grey lock with an orange triangle indicates that Firefox is not blocking insecure passive content, such as images. By default, Firefox does not block mixed passive content; you will simply see a warning that the page isn't fully secure. Attackers may be able to manipulate parts of the page, for example, by displaying misleading or inappropriate content, but they should not be able to steal your personal data from the site.

more options

I see the shield icon indicating that Content Blocking is active. You can check the Web Console tab to see more detail about what content is blocked by CB and what content is loaded over an open HTTP connection causing the exclamation mark to appear.

more options

The web console shows the following info that the network view did not initial.

Loading mixed (insecure) display content “http://assets.phenompeople.com/CareerConnectResources/RBCAA0088/en_ca/desktop/assets/images/thumb/bup/I&TS.png” on a secure page[Learn More]

I am still not sure why the network view did not show the insecure value. It does now

more options

Attached the now working view from "web developer" "network" showing non https components.

more options

I am using FF64.0.2 and click the link and clicked the login and got no warning about security.

more options

If you would hover such an image then you should see a preview. This is a problem with the website. Firefox merely warns you by showing an exclamation mark attached to the padlock. You can contact the website to inform them about this insecure mixed content on their pages.

more options

I would not expect to see that on the bank's own secure pages, but these job listings might not be equally secure because they could contain "user generated content" on HTTP paths that the person submitting the listing never tested in a secure context (or didn't care!).