On Tue, Mar 19, 2013 at 7:52 AM, Platonides <platonides(a)gmail.com> wrote:
An idea to fix it would be to take advantage of the
new certificate
which includes all projects, by having firefox detect that the
‘third-party site’ belong to the same entity, since they share the https
certificate (we would need to enable https to all logins, but that was
planned, anyway).
I'm pretty sure Firefox won't detect this condition; the security
model is based on domains, not SSL certificates.
-- brion