Closed Bug 726215 Opened 12 years ago Closed 11 years ago

Mixed HTTPS content

Categories

(Air Mozilla :: Other, defect)

Product:
Air Mozilla
Component:
Other
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 841613

People

(Reporter: kang, Unassigned)

Details

While Air Mozilla redirects to https, and most of the page is served over https, the actual current stream is served over http.

This is mixed content (https+http) and firefox will complain about that if you click the favicon (instead of showing the certificate), for good reasons.

The URL in question is: http://mozilla.live-s.cdn.bitgravity.com:1935/content:cdn-live/mozilla/live/multibitrate.smil?width=650&height=420&AutoPlay=true

There appears to be an https equivalent URL however while it does connect, it receives no content.

Additionally, it might be interesting to enable HSTS (http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security)
Summary: Mixed HTTPS content → Air Mozilla serves mixed HTTPS content (video is served over HTTP)
Now with mixed content blocking, if I try to view an Air Mozilla video through https://air.mozilla.org/ the vidly iframe, which uses http:, doesn't show up.
Summary: Air Mozilla serves mixed HTTPS content (video is served over HTTP) → Mixed HTTPS content
The issue with vidly is being discussed in bug 841613.
I'm forward-duping this to bug 841613, since they describe the same issue, and bug 841613 has more information / traction.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.