Closed Bug 1723783 Opened 4 years ago Closed 4 years ago

Enable Mixed Content Download Protection also in Early Beta

Categories

(Core :: DOM: Security, task, P1)

Product:
Core
Component:
DOM: Security
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
92 Branch
Tracking Flags:
Tracking Status
firefox92 --- fixed

People

(Reporter: ckerschb, Assigned: ckerschb)

References

Details

(Whiteboard: [domsecurity-active])

Attachments

(1 file)

Bug 1723783: Enable Mixed Content Download Protection also in Early Beta
48 bytes, text/x-phabricator-request
Details | Review

Currently the pref dom.block_download_insecure is set to IS_NIGHTLY_BUILD. I think we are at a point where we can also enable it in EARLY_BETA.

Our telemetry says this new security feature blocks around 1.5% of downloads, but we have an overwrite which allows users to explicitly allow the insecure download. In other words, we see that 98.5% of downloads rely on https these days (at least in Nightly).

Pushed by mozilla@christophkerschbaumer.com: https://hg.mozilla.org/integration/autoland/rev/1f38e94d4428 Enable Mixed Content Download Protection also in Early Beta r=Gijs

https://hg.mozilla.org/mozilla-central/rev/1f38e94d4428

Status: ASSIGNED → RESOLVED
Closed: 4 years ago
status-firefox92: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 92 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: