security.mixed_content.upgrade_display_content #367
Comments
|
If I understand it well, it tries to load eventual http ressources of https website (i.e. mixed content) over https (i.e. does the job of the lazy web dev), meaning that it might reduces –already rare as you pointed– breakage. P.S.: Re: 1433592; yes, that’s because you’ve mentioned it in #7 (comment) |
|
There's probably a reason why they don't enable it by default just yet. I would wait. |
|
Pref name is this issue title (I don’t know if there is a ticket about it, would have to look more deeply at Martin’s post and follow links —don’t have time for that right now). The two mixed content blocks are made useless, because this new one can already not fallback to requesting insecure content on its own. I think it’s not enabled by default because it breaks sites the same way blocking passive mixed content does, and AFAIK this is not activated by default either (but we do). |
it only upgrades passive display content, ie. images + media. |
|
OK, so it only makes blocking passive mixed content obsolete. Which make sense, since active mixed content has been blocked by default for a while. |
|
Mentioned on other topic as OT today (sorry). After that I have found it was already mentioned here in the past. |
(From https://www.ghacks.net/2018/02/24/firefox-60-https-upgrade-for-mixed-content/)
I think this is something we might want to set as on by default. This is better than purely blocking mixed-content, and I see no disadvantages over what we do currently.
The text was updated successfully, but these errors were encountered: