Consider auto upgrading passive mixed content in Nightly
Categories
(Core :: DOM: Security, enhancement, P3)
Tracking
()
Tracking | Status | |
---|---|---|
firefox84 | --- | fixed |
People
(Reporter: ckerschb, Assigned: ckerschb)
References
(Blocks 1 open bug)
Details
(Keywords: dev-doc-complete, Whiteboard: [domsecurity-active])
Attachments
(1 file, 1 obsolete file)
We could consider to auto-upgrade mixed passive content like:
- audio, video
- images
from http to https.
Given the current state of the internet, that should probably work.
Assignee | ||
Updated•4 years ago
|
Assignee | ||
Comment 2•4 years ago
|
||
Assignee | ||
Comment 3•4 years ago
|
||
Let's make sure flipping this pref does not do any harm to TRY:
https://treeherder.mozilla.org/#/jobs?repo=try&revision=fa0a44c5ddd3a5359b9b1487a246025ea9ad9fda
Assignee | ||
Comment 4•4 years ago
|
||
Assignee | ||
Comment 5•4 years ago
|
||
Updated•4 years ago
|
Updated•4 years ago
|
Assignee | ||
Comment 6•4 years ago
|
||
Assignee | ||
Comment 7•4 years ago
|
||
Pushed by csabou@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/5d0b324f4397 Auto upgrade mixed display content in Nightly. r=annevk
Comment 9•4 years ago
|
||
bugherder |
Comment 10•4 years ago
|
||
Hi Christoph,
This updates security.mixed_content.upgrade_display_content
to build on nightly from FFv84. Does that mean this will also be on by default in all other builds when FFv84 is release? i.e. this feature will no longer be experimental and I can remove this section: https://wiki.developer.mozilla.org/en-US/docs/Mozilla/Firefox/Experimental_features#Upgrading_mixed_display_content
Comment 11•4 years ago
|
||
Christoph, please ignore above. I'm pretty sure has to be as I have indicated.
Docs for this are now in MDN at Web security > Mixed content >Loading mixed-content resources > Upgrading mixed-display resources
There is more information on what was done in https://github.com/mdn/sprints/issues/3906#issuecomment-728664905
Assignee | ||
Comment 12•4 years ago
|
||
(In reply to Hamish Willee from comment #11)
Hey Hamish, thanks for reaching out and double checking. To avoid any confusion, the flag security.mixed_content.upgrade_display_content
is set to true
in Nightly only
and will not be on by default in any of our release versions.
FWIW, we have Bug 1672106 on file where we are considering enabling it in release mode - but there are no definite plans to do so just now.
Updated•4 years ago
|
Comment 13•4 years ago
|
||
Christoph, thank you very much. A little work now to undo some of this, but that's what you get for making assumptions.
Description
•