Open webcompat-bot opened 2 years ago
Thanks for the report, I was able to reproduce the issue.
Affected area:
<img src="http://kmpic.asus.com/images/2018/11/01/02e9ffac-4ffb-4eee-b72e-9ba685fa8516.jpg" style="width: 772px; height: 689px;" width="893" height="725">
Note:
Tested with: Browser / Version: Firefox Nightly 105.0a1 (2022-07-27), Firefox Release 103.0 Operating System: Windows 10 Pro
Moving to Needsdiagnosis for further investigation.
[qa_30/2022]
Observations:
If you manually change the protocol of the images from http:// to https:// (either via devtools or a script) the images appear.
If you open one of the images with http:// in a new tab you only see a white page with the HTTP status 502 Connection reset by peer
.
Chrome also shows a 502 error page if you directly open the image. But Chrome has no issues with showing these images when they are used as an <img>
.
It's unclear to me why the images are being blocked given their CSP includes kmpic.asus.com
as a default-src, and has no img-src. As such I've filed https://bugzilla.mozilla.org/show_bug.cgi?id=1787576 to hopefully get some insight.
Based on an early look in the bug I reported above, this is technically the site's error per the CSP standard, and Chrome seems to maybe do something to work around it. The site should probably have http://*.asus.com
in their CSP, as without the http:
the browser isn't supposed to assume to allow mixed content like this.
URL: https://www.asus.com/support/FAQ/1037906/
Browser / Version: Firefox 103.0 Operating System: Windows 10 Tested Another Browser: Yes Edge
Problem type: Design is broken Description: Images not loaded Steps to Reproduce: images are not loading in firefox, but edge, due CSP restrictions. seems that asus broke the design without purpose - loading http images in https page with csp.
View the screenshot
Browser Configuration
From webcompat.com with ❤️