No reaction/no information/no error when clicking an HTTPS link that has not been authorized by proxy or host not responding
Hello, Our company uses a proxy in whitelisting mode. Until recently, clicking any HTTPS link unauthorized by proxy (403 by Squid) would result in an unambiguous error page informing the user that the connection was refused (if needed, they can open a corporate page showing the most recent hostnames blocked from their machine and request authorization).
Now, when clicking an unauthorized link (403 by Squid proxy) in FF, nothing happens. The GUI simply stales as nothing happened. To reproduce: 1. Configure FF with an HTTP proxy (squid) in deny by default. 2. Open duckduckgo, search something, and click on any https link that has not been whitelisted in the proxy. 3. After the click, nothing happens -> no error, no information message, nothing. (in the dev tools -> network tab, one can see a 403 status.)
This also happens when browsing websites: if the website includes a link to another website that is not whitelisted, nothing happens, the user is not informed that the host could not be reached.
This seems like a mechanism has been broken, as FF always used to inform the user of the host not responding with an error page.
Thanks for reading, sb3k
Additional System Details
- Shockwave Flash 32.0 r0
- User Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0
Also forgot to add: When right-clicking the link (new tab) -> it shows a blank tab, and the "reload" icon remains disabled.
Until prior versions, the reload button would be enabled and users could click it once they have authorized the website/hostname.
What if you try some return codes here: https://httpstat.us/ You can append your desired status code to the URL or pick from a list on the default landing page.
I get a very small, e.g., 403 Forbidden in the upper left. In normal use, usually the webserver returns a page appropriate to the status (it's generally their job), sometimes with some extra default info like the server version, sometimes with more creative things. I do however (at least i believe) recall Firefox occasionally injecting its own "friendly" type of page. Not sure what happened to that.