My understanding is all other browsers will still would load this request. Chrome marks this as Mixed Passive and warns in the console whilst the request still can be seen in the network panel. I was only testing with a self signed certificate so unsure if the URL bar would display as "Not Secure".
Thanks Jonathan On Mon, Nov 27, 2017 at 4:33 PM, Alex Gaynor <agay...@mozilla.com> wrote: > How does this behavior compare with other browsers? > > Alex > > On Mon, Nov 27, 2017 at 7:47 AM, Jonathan Kingston <j...@mozilla.com> > wrote: > >> Currently our mixed content blocker implementation treats object >> subrequests as mixed passive content. As part of our plan to deprecate >> insecure connections we are going to block insecure subrequests in flash. >> Mostly because such subrequests can contain data or functionality which >> might be dangerous for end users. >> >> Current telemetry suggest that ~0.03% requests would be impacted by this >> change of behaviour [1]. To roll that change out we initially are going to >> add a pref "security.mixed_content.block_object_subrequest" which will >> be >> enabled for Nightly and Early Beta and ultimately will be flipped on >> permanently for FF60. >> >> We track overall progress here: >> https://bugzilla.mozilla.org/show_bug.cgi?id=1190623 >> >> Thanks >> >> Jonathan >> >> [1] >> https://telemetry.mozilla.org/new-pipeline/dist.html#!cumula >> tive=0&end_date=2017-11-15&keys=__none__!__none__!__none_ >> _&max_channel_version=release%252F57&measure=MIXED_CONTENT_ >> OBJECT_SUBREQUEST&min_channel_version=null&processType=*& >> product=Firefox&sanitize=1&sort_keys=submissions&start_ >> date=2017-11-12&table=0&trim=1&use_submission_date=0 >> _______________________________________________ >> dev-platform mailing list >> dev-platform@lists.mozilla.org >> https://lists.mozilla.org/listinfo/dev-platform >> > > _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
