I wasted lots of time on this issue too (but on a different site). As far as Firefox is concerned, an insecure request is an insecure request; it doesn’t care if HSTS rewrites it [1], and presumably, it doesn’t care if HTTPS Everywhere rewrites it either. Can someone more familiar with how HTTPS Everywhere works internally confirm this?
I guess you’re supposed to use platform=mixedcontent here. [1] https://blog.mozilla.org/tanvi/2013/04/10/mixed-content-blocking-enabled-in-firefox-23/(appendix, section 4: “Relying on HSTS to prevent Mixed Content”) -- Brian Drake All content created by me: Copyright<http://www.wipo.int/treaties/en/ip/berne/trtdocs_wo001.html>© 2014 Brian Drake. All rights reserved. On Fri, Jan 3, 2014 at 0054 (UTC), James Cox <[email protected]> wrote: > Hi All, > > I'm trying to write a rule to fix a problem I have with a page that > has "mixed active content". I can see in Firefox Console the URL that > is being blocked, but when I try to make a simple ruleset to match > this URL it doesn't seem to be running. > > Here's a screenshot of what I'm seeing in the Firefox Console: > http://i.imgur.com/DuwLO2X.jpg > > And here's my rule file: > <ruleset name="Conducive"> > <target host="apps.conducive.com.au" /> > <rule from="^http://apps\.conducive\ > .com\.au:443" > to="https://apps.conducive.com.au:443"/> > </ruleset> > > Any hints would be greatly appreciated. > Thanks, > James > [snip] <https://lists.eff.org/mailman/listinfo/https-everywhere> >
_______________________________________________ HTTPS-Everywhere mailing list [email protected] https://lists.eff.org/mailman/listinfo/https-everywhere
