Thank you for the analysis! In a perfect world, the user would be alerted to update-driven failures on the "lock" icon and have the option to allow mixed display content as an exception on the Site Info panel. Users with the HTTPS Only feature enabled have part of that experience. There is an On/Off/Off Temporarily selector on the Site Info panel which allows loading insecure display content, but the lock isn't marked in a manner that would suggest going to look for it. I don't know whether we could reuse the `https-only-load-insecure` permission for display content that would be blocked for other reasons, or whether that would create other problems.
Bug 1848571 Comment 5 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
Thank you for the analysis! In a perfect world, the user would be alerted to upgrade-driven failures on the "lock" icon and have the option to allow mixed display content as an exception on the Site Info panel. Users with the HTTPS Only feature enabled have part of that experience. There is an On/Off/Off Temporarily selector on the Site Info panel which allows loading insecure display content, but the lock isn't marked in a manner that would suggest going to look for it. I don't know whether we could reuse the `https-only-load-insecure` permission for display content that would be blocked for other reasons, or whether that would create other problems.