Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Extension Error: INSECURE_DOCUMENT_REQUEST #6809

Closed
betagoo opened this issue Dec 14, 2018 · 3 comments
Closed

Extension Error: INSECURE_DOCUMENT_REQUEST #6809

betagoo opened this issue Dec 14, 2018 · 3 comments
Labels
pending-close

Comments

@betagoo
Copy link

betagoo commented Dec 14, 2018
edited
Loading

Lighthouse Version: 3.3.0.4001
Lighthouse Commit: 6610036
Chrome Version: 72.0.3626.14
Initial URL: http://www.pro-vent.pl/
Error Message: INSECURE_DOCUMENT_REQUEST
Stack Trace:

LHError: INSECURE_DOCUMENT_REQUEST
    at Function.assertNoSecurityIssues (chrome-extension://blipmdconlkpinefehnmjammfjpmpbjk/scripts/lighthouse-ext-bundle.js:20163:7)
    at Function.afterPass (chrome-extension://blipmdconlkpinefehnmjammfjpmpbjk/scripts/lighthouse-ext-bundle.js:20298:6)

I know, that this issue is resolved.
But I can not find the cause of the issue.
HTTPS is necesary? I mean https://www.pro-vent.pl/
@exterkamp
Copy link
Member

How are you running LH? I can run against http://www.pro-vent.pl/ just fine from cli, extension, etc. But get an INSECURE from https://www.pro-vent.pl/ because the cert is indeed invalid. You aren't required to have HTTPS, you can run against just HTTP, but you can't run against an HTTPS site with an invalid cert, then it will throw an INSECURE error.

@betagoo
Copy link
Author

betagoo commented Dec 19, 2018
edited
Loading

Thanky You For help.
Short solution: I see, we need SSL certificate anyway.

Long solution:

I use Lighthouse for Google Chrome Developer Edition.

This website normaly work on http://, (we do not have SSL).
There is self signed certificate for https:// , and there is redirection set into .htaccess file (from https to http):

RewriteEngine On RewriteCond %{HTTPS} =on RewriteCond %{HTTP:X-Forwarded-Proto} =https [NC] RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

But! - before browser redirect page, have to connect to insecure https, and accept safety exception - google chrome do not do this - that is the problem perharps.
I know this problem, and I know, the self signed certificate is insecure.
We have to install certified SSL.

Thanks, You confirm my supposition.

One thing is strange. Two, maybe three weeks ago I use Lighthouse to analyze website http://www.tcmeble.pl and then everything worked fine. Maybe Lighthouse has made changes since then, because it does not work now. I mean work, but generate error INSECURE_DOCUMENT_REQUEST

Anyway. Once again thank You for help.

@exterkamp
Copy link
Member

Hm. We have been making changes to how INSECURE_DOCUMENT_REQUESTS have been handled lately #6457 #6608 #6739 etc. so I wouldn't be too surprised if it was changing recently from that if you are on dev channel or from the new M71+ chrome rollout.

I can run against http://www.tcmeble.pl right though on v4.0.0-beta:
image

But can't run against https://www.tchmeble.pl because the cert:
image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
pending-close
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@betagoo @exterkamp