Closed Bug 1633743 Opened 4 years ago Closed 4 years ago

Consider auto upgrading passive mixed content in Nightly

Categories

(Core :: DOM: Security, enhancement, P3)

Product:
Core
Component:
DOM: Security
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
84 Branch
Tracking Flags:
Tracking Status
firefox84 --- fixed

People

(Reporter: ckerschb, Assigned: ckerschb)

References

(Blocks 1 open bug)

Details

(Keywords: dev-doc-complete, Whiteboard: [domsecurity-active])

Attachments

(1 file, 1 obsolete file)

Bug 1633743: Auto upgrade mixed display content in Nightly.
47 bytes, text/x-phabricator-request
Details | Review

We could consider to auto-upgrade mixed passive content like:

  • audio, video
  • images

from http to https.

Given the current state of the internet, that should probably work.

Assignee: nobody → ckerschb
Status: NEW → ASSIGNED
Summary: Consider auto upgrading passive mixed content → Consider auto upgrading passive mixed content in Nightly
Whiteboard: [domsecurity-backlog1] → [domsecurity-active]
See Also: → 1672106
Depends on: 1673574
Depends on: 1673594
Attachment #9182546 - Attachment is obsolete: true
Depends on: 1674030
Depends on: 1674341
Depends on: 1674352
Depends on: 1674926
Pushed by csabou@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/5d0b324f4397
Auto upgrade mixed display content in Nightly. r=annevk

https://hg.mozilla.org/mozilla-central/rev/5d0b324f4397

Status: ASSIGNED → RESOLVED
Closed: 4 years ago
status-firefox84: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 84 Branch

Hi Christoph,
This updates security.mixed_content.upgrade_display_content to build on nightly from FFv84. Does that mean this will also be on by default in all other builds when FFv84 is release? i.e. this feature will no longer be experimental and I can remove this section: https://wiki.developer.mozilla.org/en-US/docs/Mozilla/Firefox/Experimental_features#Upgrading_mixed_display_content

Flags: needinfo?(ckerschb)

Christoph, please ignore above. I'm pretty sure has to be as I have indicated.

Docs for this are now in MDN at Web security > Mixed content >Loading mixed-content resources > Upgrading mixed-display resources

There is more information on what was done in https://github.com/mdn/sprints/issues/3906#issuecomment-728664905

Flags: needinfo?(ckerschb)

(In reply to Hamish Willee from comment #11)

Hey Hamish, thanks for reaching out and double checking. To avoid any confusion, the flag security.mixed_content.upgrade_display_content is set to true in Nightly only and will not be on by default in any of our release versions.

FWIW, we have Bug 1672106 on file where we are considering enabling it in release mode - but there are no definite plans to do so just now.

Christoph, thank you very much. A little work now to undo some of this, but that's what you get for making assumptions.

Regressions: 1695173
See Also: → 1703847
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: