fastaddons / GroupSpeedDial

This repository is for tracking bugs and documentation only

Thumbnail loader is using HTTP even when HTTPS is specified in URL #86

Open oucil opened 2 years ago

oucil commented 2 years ago

Describe the bug When I create a new tile and enter an explicit HTTPS URL, it is ignoring this and using HTTP. The thumbnail I'm seeing is one of my 'redirecting' messages, rather than the proper landing page.

Steps To Reproduce Enter an HTTPS URL where you know there is a difference between the HTTPS and HTTP end point.

Expected behavior Should load HTTPS page.

Device info:

Additional info I believe this has been an issue for multiple versions, I've just never reported it, but I have a number of client sites where the HTTP link displays a "redirecting" message for 10s before moving to the HTTPS version of the login screen and this happens on all of them. I'm happy to provide an example link in a DM, just not here publicly.

fastaddons commented 2 years ago

Nope, I don't think this is what's happening here. If you omit the protocol or use an unsupported one, the legacy "http" will be used and saved. If you specify "https" it will be saved with the "https" (you can see the whole URL in the corner when you hover the dial). The same URL is then used when loading the dial to create the thumbnail.

The problematic redirect page or other "protection mechanisms" that some pages use are usually triggered when the target page detects that it's being loaded into an "iframe". I'm by default using this method because I can create multiple thumbnails at the same time, I can apply correct zoom/scale (normalize page to HD resolution) and even use the Crop / Scale feature to virtually "scroll" the page. The only downside is that it doesn't work for some pages - but those are usually very rare.

You can try a few experiments - when you right click a dial, there are different reload methods, like "Refresh image in Background 2" which creates a hidden tab and takes a screenshot of it. Or "Refresh by visiting page". Another experiment you can try is to disable JavaScript for the specific dial - from the Edit dial window / Settings / "Disable JavaScript during reload". Then try to reload again with the default reload.

oucil commented 2 years ago

To begin, I can confirm that I'm entering the https://... explicitly in the URL, and that your plugin is saving that address if I were to go back in and edit the tile details. I've tried every method available for refreshing that tab snapshot, as you suggested (thank you for those, though I did try them before posting the bug report).

There is no JS or iframe in play on that page, it's a simple dedicated login page... the redirect is using a <meta http-equiv="refresh" content="30;url=https://secure.url"> method. When I use the "refresh by visiting page" method for instance, you would expect that it would go directly to the https://.... page, but it's not, it's requesting the page without the protocol specified, and thus getting the insecure warning page rather than the correct login page. Because there is a 30s delay as per the meta tag, the image is not generated from the correct login screen. But again, it should be going directly to the login screen if it were requesting using the correct protocol.

fastaddons commented 2 years ago

The "iframe" I'm talking about is in my addon page :). You see, "iframe" allows you to load a 3rd party page into your own page. My addon opens a hidden tab with the "reload.html" addon page where it loads pages into "iframe" boxes and then it takes a screenshot of it.

So when you tried different techniques, did it work? I mean, if you use "Reload by visiting page", that must work, because it's the same as visiting the page manually :). All other methods are potentially detectable by the target page and can cause issues (but again, those are very rare).

Also, there is no such thing as "requesting the page without the protocol specified", the protocol must be specified, otherwise it won't open the page - you can test this if you open the dials page (or any other extension page) and run browser.tabs.create({url: "google.com"}).

Regarding my addon - I'm 100% sure it will go to 'https' if you save it with 'https', and you can test it easily - add a page that doesn't have "https" support, for example this Slovak page: "https://dsl.sk/". If my addon would try to load "http" version, it would work and create correct thumbnail, but it will go to "https" and fail :).

One question though, what is this meta 30s delay? My addon will for sure not wait 30 seconds for the page to load. Is this some standard I don't know about? I need to check...
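
The `<meta http-equiv="refresh">` tag quoted in this thread is the HTML Standard's timed redirect: the `content` value is a delay in seconds, optionally followed by `;url=` and a target. The following is an added example, not part of the issue or the add-on's code, that parses the tag and reports whether a capture taken before the delay would show the interstitial rather than the redirect target. The helper names, the page URL `http://login.example.test/` and the 5-second capture timeout are assumptions.

```javascript
// Added example: helper names, the page URL and the capture timeout are constructed.

// Parse a refresh value: "<seconds>" optionally followed by ";url=<target>".
function parseRefreshContent(content, baseUrl) {
  const m = /^\s*(\d+)(?:\.\d*)?\s*(?:[;,]\s*(?:url\s*=\s*)?(['"]?)(.*?)\2)?\s*$/i.exec(content);
  if (!m) return null;
  // With no URL part the browser reloads the current page after the delay.
  const target = m[3] ? new URL(m[3], baseUrl).href : new URL(baseUrl).href;
  return { delay: Number(m[1]), target };
}

// Return the first valid <meta http-equiv="refresh"> in the markup, or null.
function findMetaRefresh(html, pageUrl) {
  for (const [tag] of html.matchAll(/<meta\b[^>]*>/gi)) {
    const attr = (name) => {
      const a = new RegExp(`\\b${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, "i").exec(tag);
      return a ? (a[1] ?? a[2] ?? a[3]) : null;
    };
    if ((attr("http-equiv") || "").toLowerCase() !== "refresh") continue;
    const parsed = parseRefreshContent(attr("content") || "", pageUrl);
    if (parsed) return parsed;
  }
  return null;
}

// Would a screenshot taken captureAfterSec seconds after load show the interstitial?
function thumbnailRisk(pageUrl, html, captureAfterSec) {
  const r = findMetaRefresh(html, pageUrl);
  if (!r) return { interstitial: false };
  return {
    interstitial: r.delay > captureAfterSec,
    upgradesToHttps:
      new URL(pageUrl).protocol === "http:" && new URL(r.target).protocol === "https:",
    delay: r.delay,
    target: r.target,
  };
}

// Constructed sample page using the tag quoted in the thread.
const samplePage = `<html><head>
<meta http-equiv="refresh" content="30;url=https://secure.url">
</head><body>Redirecting...</body></html>`;

console.log(thumbnailRisk("http://login.example.test/", samplePage, 5));
```

Running the same check against the markup returned for both the `http://` and `https://` forms of a dial's URL shows which of the two serves the delayed redirect.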