Re: Intent to ship: Treating object subrequests as mixed active content

As a quick follow up we added a deprecation notice into 60 with https://bugzilla.mozilla.org/show_bug.cgi?id=1441794 this will ride the trains and provide more telemetry on the breakage. There is a little more breakage than we would like so adding this warning provides page and frame breakage

Re: Intent to ship: Treating object subrequests as mixed active content

My understanding is all other browsers will still would load this request. Chrome marks this as Mixed Passive and warns in the console whilst the request still can be seen in the network panel. I was only testing with a self signed certificate so unsure if the URL bar would display as "Not

Re: Intent to ship: Treating object subrequests as mixed active content

How does this behavior compare with other browsers? Alex On Mon, Nov 27, 2017 at 7:47 AM, Jonathan Kingston wrote: > Currently our mixed content blocker implementation treats object > subrequests as mixed passive content. As part of our plan to deprecate > insecure

Intent to ship: Treating object subrequests as mixed active content

Currently our mixed content blocker implementation treats object subrequests as mixed passive content. As part of our plan to deprecate insecure connections we are going to block insecure subrequests in flash. Mostly because such subrequests can contain data or functionality which might be