On Tue, August 19, 2014 3:41 pm, fhw...@gmail.com wrote:
> <html><head><meta http-equiv="Content-Type" content="text/plain;"><style>
> body { font-family: "Calibri","Slate Pro","sans-serif"; color:#262626
> }</style> </head> <body data-blackberry-caret-color="#00a8df"><div>What
> are the current rules or algorithms in place when dealing with some
> mixture of http and https content in
> Firefox? </div><div><br></div><div>A case I'm thinking about is a
> drive-by download situation. If the main page is loaded âby https but
> there are subsequent requests for files (images, js, css, fonts, iframes,
> etc.) or Ajax calls to be made that are only http, will Firefox allow
> them? Note that I don't care about the form cases where I load the form
> html using https but submit the form data via http. I care about just the
> files and content. </div><div><span style="font-family: Calibri,
> 'Slate Pro', sans-serif;"><br name="BB10" caretmarkerset="INVALID"
> class="markedForCaretMarkerRemoval"></span></div><div>Thanks in advance.
> </div><div><br name="BB10" caretmarkerset="INVALID"
> class="markedForCaretMarkerRemoval"></div><div></div></body></html>
> _______________________________________________
> dev-security-policy mailing list
> dev-security-policy@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy
>
I'm not sure which Mozilla list is more appropriate, but I suspect this
isn't the one (there's likely a more specific one for networking/mixed
content)
That said, you may wish to check out
https://w3c.github.io/webappsec/specs/mixedcontent/ , which is trying to
document and spec exactly what the behaviour is and should be.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
