Welcome to WebmasterWorld Guest from 54.144.126.195

Forum Moderators: incrediBILL

Message Too Old, No Replies

Are you delivering http content over https?

Not anymore. Get ready now.

     

coopster

4:22 pm on Apr 16, 2013 (gmt 0)

WebmasterWorld Administrator coopster is a WebmasterWorld Top Contributor of All Time 10+ Year Member




Security & Privacy


Non-SSL active content on SSL pages is blocked by default

Bug 834836 Turn on pref to block mixed active content

Firefox 18 introduced preferences to block loading content from non-SSL (http) sites on SSL (https) pages. One of those preferences will now be enabled by default in order to enhance user security. That means insecure scripts, stylesheets, plug-in contents, inline frames, Web fonts and WebSockets are blocked on secure pages, and a notification is displayed instead. It will not block "display content" like images, videos or audio.


[developer.mozilla.org...]

dstiles

8:04 pm on Apr 16, 2013 (gmt 0)

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 5+ Year Member



It has long been the case that the more responsible browsers (including firefox) warned about mixed content. It has never been good to serve (eg) non-SSL images with an SSL page. I've had that warning enabled for years in firefox and only occasionally accept mixed content if I know the site well.

In any case, if a site is properly designed it should never serve mixed content.

It's good that FF now defaults to that mode but I wonder if they force it upon existing users after an update.
 

Featured Threads

Hot Threads This Week

Hot Threads This Month