Closed
Bug 1133712
Opened 9 years ago
Closed 9 years ago
Block all Mixed Content for HSTS domains
Categories
(Core :: Security, defect)
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: annevk, Unassigned)
References
(Blocks 1 open bug)
Details
Internet Explorer plans on blocking all mixed content for HSTS domains: http://blogs.msdn.com/b/ie/archive/2015/02/16/http-strict-transport-security-comes-to-internet-explorer.aspx If that is feasible it seems preferable to sometimes changing the UI and confusing the end user.
Updated•9 years ago
|
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
Comment 2•9 years ago
|
||
Reopening as this is slightly different than bug 800098. Bug 800098 is about removing the user override in HSTS pages. I believe this bug is about treating optionally blockable content as blockable on HSTS pages.
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
Updated•9 years ago
|
Blocks: MixedContentBlocker
Comment 3•9 years ago
|
||
This bug does not accurately reflect the IE team's plans. "Mixed content – We do allow audio/video in the mixed mode scenario as it applies to HSTS." http://blogs.msdn.com/b/ie/archive/2015/02/16/http-strict-transport-security-comes-to-internet-explorer.aspx#10594412 I vote WONTFIX, it'll just be a reason for people to regret having used HSTS.
Reporter | ||
Comment 4•9 years ago
|
||
Agreed that would make the proposition far less attractive.
Status: REOPENED → RESOLVED
Closed: 9 years ago → 9 years ago
Resolution: --- → WONTFIX
Comment 5•9 years ago
|
||
I just commented on the IE blog as I'd like some clarification from them either way.
Comment 6•9 years ago
|
||
(In reply to Tanvi Vyas [:tanvi] from comment #5) > I just commented on the IE blog as I'd like some clarification from them > either way. Mixed active content will be blocked on HSTS pages without a user override. http://blogs.msdn.com/b/ie/archive/2015/02/16/http-strict-transport-security-comes-to-internet-explorer.aspx?CommentPosted=true#10597765
You need to log in
before you can comment on or make changes to this bug.
Description
•