FG site does not load properly on firefox 29.0.1



HoloGnome
June 9th, 2014, 17:08
The FG forums/site do not load correctly in FireFox 29.0.1.

See attachment. This problem also happens in firefox safe mode (not related to extensions), with the cache cleared and does not happen with other vb 4.2.1 forums.

Known problem or solution?

Nylanfs
June 9th, 2014, 17:10
Hmm, I'm using 29.0.1 and it's working for me.

HoloGnome
June 9th, 2014, 19:43
The problems with FireFox could be coming from mixed content loading.

Use of getUserData() or setUserData() is deprecated. Use WeakMap or element.dataset instead. requestNotifier.js:63
Blocked loading mixed active content "https://www.fantasygrounds.com/forums/clientscript/vbulletin-core.js?v=421"[Learn More] forumdisplay.php
ReferenceError: vB_XHTML_Ready is not defined forumdisplay.php:165
ReferenceError: vbphrase is not defined forumdisplay.php:3656
ReferenceError: vBulletin_init is not defined forumdisplay.php:3719
Loading mixed (insecure) display content on a secure page "https://www.fantasygrounds.com/forums/images/buttons/newbtn_middle.png"[Learn More] forumdisplay.php
Loading mixed (insecure) display content on a secure page "https://www.fantasygrounds.com/forums/images/gradients/grey-up.png"[Learn More] forumdisplay.php
Loading mixed (insecure) display content on a secure page "https://www.fantasygrounds.com/forums/images/fg_statusicon/thread_hot-30.png"[Learn More] forumdisplay.php
Loading mixed (insecure) display content on a secure page "https://www.fantasygrounds.com/forums/images/fg_statusicon/thread_old-30.png"[Learn More] forumdisplay.php
Loading mixed (insecure) display content on a secure page "https://www.fantasygrounds.com/forums/images/gradients/generic_button.png"[Learn More] forumdisplay.php
Loading mixed (insecure) display content on a secure page "https://www.fantasygrounds.com/forums/images/misc/black_downward_arrow.png"[Learn More] forumdisplay.php
Loading mixed (insecure) display content on a secure page "https://www.fantasygrounds.com/forums/images/gradients/gradient-greytowhite.png"[Learn More]

HoloGnome
June 9th, 2014, 19:59
OK - I found the problem. If you have layout.css.filters.enabled set to true in the firefox config (about:config), the css for the FG forum does not load correctly. After setting it to false (default setting), the css now loads OK. Not sure if that is an FG or VB issue, but it might bear further exploration. I had been using Opera because of this issue, but decided to track it down after upgrading Firefox and seeing safe mode fail.

Incidentally, there appears to be a firefox bug with mixed content. Even if you set the config to allow it to load mixed content, it won't.

HoloGnome
June 14th, 2014, 22:09
For me, Firefox still has login issues with the FG forum. When loading in a secure context with Firefox, the user password is visible (not being obscured). Someone may want to look at the mixed http/https content issues and double-check to see if this issue is reproducible to help rule out anything in my specific configuration. It works in http mode with Firefox, but that doesn't provide underlying password encryption. Opera seems to be more tolerant of mixed content (or whatever is causing this issue) and does obscure the user pw in https mode.

See attached image - look at the login box in the upper right.

damned
June 15th, 2014, 08:16
this is not happening for all firefox users.... i've tried in 29.01 and 30.0 with http and https and password field is obscured as per normal..
i have no addon extensions though as this is not a primary browser. most likely it is something particular to your setup :)

HoloGnome
June 15th, 2014, 15:26
Yeah - it could be - also maybe some option I've changed. I was just putting it out there. I will try to track it down as time permits and report back. Thanks for cross-testing it, damned. :) I think there may still be an issue with mixed/insecure content loading, but that will have to be addressed at the web/php code level to remove explicit "https://" references, etc. and load based on the current user context.

HoloGnome
June 17th, 2014, 21:11
I have upgraded to FF30.0 and also tried safe mode. https://www.fantasygrounds.com still work properly. Also, it looks like the https implementation is not clean. As a comparison, I tried https://www.xgamingstudio.com/forum/ (vb 4.2.1 running cleanly with https) and saw no problems with password obfuscation or any other issues -- perhaps script loading. Someone at FG may want to take a look at the https implementation/certificate and the way that content is being served to help address this issue - might or might not be related to mixed content.

HoloGnome
June 18th, 2014, 15:15
I have reproduced this problem on a different computer with firefox & windows server.

Steps to reproduce are as follows:

1. open firefox
2. type https://www.fantasygrounds.com
3. click on community link
4. click in the username field -> default text does not clear
5. click in the password field -> default text does not clear and pw is readable

Also, as before, firefox displays icon next to the address indicating that the https implementation of fantasygrounds.com is not secure/mixed.

saithan
June 18th, 2014, 15:23
notice a shield icon in the browser? next to the URL? if so click it and tell it to allow the mixed content.

this was caused by the browsers altering the way they handle https. this update came about nearly 4-6 months ago. firefox and opera announced the changes.
you can tell the browsers to allow mixed content as per site.

damned
June 18th, 2014, 15:30
hmmm... from that link i get the same.
when using the login link on this link it works as expected...
https://www.fantasygrounds.com/community/

and further - testing what saithan reports - if you tell FF to "stop protecting" this page the behaviour reverts to expected...

saithan
June 18th, 2014, 15:38
there are things a site can do on their end to avoid this ...
it requires them to know what they are serving in http and https; either serve all in https or any content (links etc could be posted as relative type links) this usually solves it as well,
currently most sites rely on people learning about the protection policy added to browsers and turning it off.
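
The site-side fix described in this post, as an added example that is not part of the original thread or the site's code: it lists the http:// subresources of an https page, split into the "active" and "display" classes seen in the console output earlier in the thread, and rewrites same-host URLs as root-relative paths. The host forum.example and the sample markup are constructed; the resource paths are modeled on those in the console output.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs: "active" loads are blocked by the browser,
# "display" loads are fetched with a warning.
ACTIVE = {("script", "src"), ("iframe", "src"), ("link", "href")}
DISPLAY = {("img", "src"), ("audio", "src"), ("video", "src")}

# Constructed sample page (hypothetical host forum.example).
SAMPLE = """<html><head>
<script src="http://forum.example/forums/clientscript/vbulletin-core.js?v=421"></script>
<link rel="stylesheet" href="/forums/css/main.css">
</head><body>
<img src="http://forum.example/forums/images/buttons/newbtn_middle.png">
<img src="images/misc/arrow.png">
<a href="http://forum.example/community/">Community</a>
</body></html>"""

class MixedContentScanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (class, tag, url as written in the markup)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        # Only stylesheet links are subresources; icons, alternates etc. are skipped.
        if tag == "link" and "stylesheet" not in (a.get("rel") or "").lower():
            return
        for kind, table in (("active", ACTIVE), ("display", DISPLAY)):
            for t, attr in table:
                if t == tag and a.get(attr):
                    # Relative URLs inherit the page scheme, so they resolve to https.
                    if urlsplit(urljoin(self.page_url, a[attr])).scheme == "http":
                        self.findings.append((kind, tag, a[attr]))

def scan(page_url, html):
    """Return mixed-content findings; empty when the page itself is not https."""
    if urlsplit(page_url).scheme != "https":
        return []
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    return scanner.findings

def relativize(page_url, url):
    """Rewrite a same-host http:// URL as a root-relative path; leave others alone."""
    page, target = urlsplit(page_url), urlsplit(url)
    if target.scheme == "http" and target.netloc == page.netloc:
        return target.path + ("?" + target.query if target.query else "")
    return url  # third-party host: needs a manual check that it serves https

if __name__ == "__main__":
    for kind, tag, url in scan("https://forum.example/forums/forumdisplay.php", SAMPLE):
        print(kind, tag, url, "->", relativize("https://forum.example/", url))
```

The plain `<a href>` link is not reported because navigation links are not subresources of the page.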

HoloGnome
June 18th, 2014, 15:48
damned: Yes the login on /community works. The one that is failing is at the top of the forums. The problem is that the vb forum integration running at the fg site does not properly implement https.

saithan: That is a great Firefox tip, and you're right - the behavior of the fields is correct when disabling blocking. I didn't notice the shield. However, since the username/pw fields are the ones that stop working, it begs the question that the fields that most need https are not using it. One problem may be that the BBURL variable in vbulletin has been hard-coded to https://... also vbulletin-core.js is hard-coded as https:// even though the site environment is https://.

Again - it appears to be either a bug in vb or in the specific site integration.

[edit - saithan - yes - that is correct - there are hard-coded references to http instead of relative or dynamic url construction. my post was in-process...]

Also - I think this problem is fully characterized now. It would be great if someone would add it to the bug database. Also, I would suggest integrating JIRA with the forum (https://www.youtube.com/watch?v=fDkloz8YIQk). Given that FG has a minimal team, it would help on the development/reporting/user feedback/release side.

Nylanfs
June 18th, 2014, 16:38
JIRA costs for commercial non-open source projects. That is one reason why Lone Wolf decided against it when they were looking for better bug tracking software. Coincidentally that's why we at PCGen (https://jira.pcgen.org) DO use it. :)

HoloGnome
June 18th, 2014, 18:00
Nice to know they support .orgs.

I was assuming the 10 user license and a little bridge widget to auth silently to JIRA as a common user on the back-end. Dev-Team: 9 users, Forum Users: 1 common user, where vb username is preserved. It's just for bug reporting / viewing. # of aliased users doesn't really matter. But, if someone had the time, they could also post changes and send notifications to the aliased vb user with another little widget.

HoloGnome
June 18th, 2014, 18:22
Alternately, there are always solutions like Bugzilla (perl), Mantis (php), and Trac (python) that could be installed off to the side with automatic user creation from vb.