Welcome to WebmasterWorld Guest from 54.226.47.198

Forum Moderators: incrediBILL

Message Too Old, No Replies

Are you delivering http content over https?

Not anymore. Get ready now.

     
4:22 pm on Apr 16, 2013 (gmt 0)

Administrator

WebmasterWorld Administrator coopster is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:July 31, 2003
posts:12541
votes: 1



Security & Privacy


Non-SSL active content on SSL pages is blocked by default

Bug 834836 Turn on pref to block mixed active content

Firefox 18 introduced preferences to block loading content from non-SSL (http) sites on SSL (https) pages. One of those preferences will now be enabled by default in order to enhance user security. That means insecure scripts, stylesheets, plug-in contents, inline frames, Web fonts and WebSockets are blocked on secure pages, and a notification is displayed instead. It will not block "display content" like images, videos or audio.


[developer.mozilla.org...]
8:04 pm on Apr 16, 2013 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:May 14, 2008
posts:3125
votes: 4


It has long been the case that the more responsible browsers (including firefox) warned about mixed content. It has never been good to serve (eg) non-SSL images with an SSL page. I've had that warning enabled for years in firefox and only occasionally accept mixed content if I know the site well.

In any case, if a site is properly designed it should never serve mixed content.

It's good that FF now defaults to that mode but I wonder if they force it upon existing users after an update.