Description of problem: When clicking on "My Bugs" I get redirected to a HTTP site (no HTTPS). This seems to be part of https://bugzilla.redhat.com/show_bug.cgi?id=63687 but was not fixed then. Version-Release number of selected component (if applicable): 4.4.1012-2 (current version on https://bugzilla.redhat.com/ ) How reproducible: always
Bug confirmed using Fedora 20 and Firefox 26.0. When clicking on "My Bugs" link with the Firefox console open, the following traffic gets logged: 09:56:41.748 GET https://bugzilla.redhat.com/buglist.cgi [HTTP/1.1 302 Found 2602ms] 09:56:44.438 GET http://bugzilla.redhat.com/buglist.cgi [Mixed Content][HTTP/1.0 302 Found 820ms] 09:56:45.179 GET https://bugzilla.redhat.com/buglist.cgi [HTTP/1.1 200 OK 19927ms] The timing varies a bit, but in general the first two requests seem to add between 3 and 6 seconds to the page load time. This issue seems sepcific to buglist.cgi, as aside from "My Bugs" the only other links on the home page that show this problem are the saved searches I've added to my page footer. Setting priority to medium, as this is a moderate performance issue.
According to Konstantin Ryabitsev who manages the kernel.org (was also affected) bugzilla this can be fixed by setting "SetEnv HTTPS=on" in Apache. See https://bugzilla.kernel.org/show_bug.cgi?id=68921 for details.
(In reply to Christian Stadelmann from comment #2) > According to Konstantin Ryabitsev who manages the kernel.org (was also > affected) bugzilla this can be fixed by setting "SetEnv HTTPS=on" in Apache. > See https://bugzilla.kernel.org/show_bug.cgi?id=68921 for details. As stated in https://bugzilla.kernel.org/show_bug.cgi?id=68921#c8, "SetEnv HTTPS=on" is a workaround. We really should fix this properly (i.e. honour the "always use https" setting) if at all possible.
This change is now live. If there are any issues, do not reopen this bug. Instead, you should create a new bug and reference this bug. -- simon