Currently our mixed content blocker implementation treats object
subrequests as mixed passive content. As part of our plan to deprecate
insecure connections we are going to block insecure subrequests in Flash,
mostly because such subrequests can contain data or functionality which
might be dangerous for end users.

Current telemetry suggests that ~0.03% of requests would be impacted by this
change of behaviour [1]. To roll that change out we are initially going to
add a pref "security.mixed_content.block_object_subrequest" which will be
enabled for Nightly and Early Beta and ultimately will be flipped on
permanently for FF60.

We track overall progress here:
https://bugzilla.mozilla.org/show_bug.cgi?id=1190623

Thanks

Jonathan

[1]
https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2017-11-15&keys=__none__!__none__!__none__&max_channel_version=release%252F57&measure=MIXED_CONTENT_OBJECT_SUBREQUEST&min_channel_version=null&processType=*&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2017-11-12&table=0&trim=1&use_submission_date=0