Mixed content blocking is a feature that prevents insecure elements on secure pages from loading. In Firefox 23, this feature will default to blocking "active" insecure content, which may break some web sites. More information on Firefox's Mixed Content Blocker is below: http://blog.mozilla.org/tanvi/2013/04/10/mixed-content-blocking-enabled-in-firefox-23/ The security feature is currently breaking the HTTPS version of www.aeriagames.com. It also appears to be functioning incorrectly in Chrome 26 and IE10. https://www.aeriagames.com/ should render and function like http://www.aeriagames.com/, but it doesn't because some HTTP resource(s) are not loaded. Here is a list of the active, HTTP resources that were blocked: Blocked loading mixed active content "http://s.aeriastatic.com/themes/main/css/default_theme.css" @ https://www.aeriagames.com/ Blocked loading mixed active content "http://s.aeriastatic.com/themes/main/css/page-front.css" @ https://www.aeriagames.com/ Blocked loading mixed active content "http://s.aeriastatic.com/themes/main/js/bin/vendor/mootools/mootools-core-1.4.5-full-compat-yc.js" @ https://www.aeriagames.com/ Blocked loading mixed active content "http://s.aeriastatic.com/themes/main/js/bin/vendor/mootools/mootools-more-188.8.131.52-optimize.js" @ https://www.aeriagames.com/ Blocked loading mixed active content "http://s.aeriastatic.com/themes/main/js/main.js" @ https://www.aeriagames.com/ Blocked loading mixed active content "http://s.aeriastatic.com/modules/js/AG/version1/AG_2013_02_21.js" @ https://www.aeriagames.com/
Most URLs have been fixed to remove protocol, so no longer a mixed content issue. Issue remains that HTTPS stylesheets exist and are blocked due to bad SSL cert.
It seems that aeriagames tried to fix their mixed content issues, and ended up breaking their website in the process :( aeriagames stylesheet is blocked because of an SSL cert error (a completely separate issue from Mixed Content Blocker). The SSL version of the website hence doesn't render properly across browsers (ex: it doesn't render in Safari; Safari doesn't have a Mixed Content Blocker). They now use a protocol relative url to host their css: <link rel="stylesheet" href="//s.aeriastatic.com/themes/main/css/default_theme.css" /> But the HTTPS version of the CSS has an invalid cert: https://s.aeriastatic.com/themes/main/css/default_theme.css
Seems mostly fixed, but not quite: still a couple of resources load on http.
Whiteboard: [mcb-chrome][mcb-ie] → [mcb-chrome][mcb-ie] [needscontact]
Still a bug.
Priority: -- → P3
Status: NEW → RESOLVED
Last Resolved: a year ago
Resolution: --- → WORKSFORME
Component: Desktop → Desktop
Product: Tech Evangelism → Web Compatibility
You need to log in before you can comment on or make changes to this bug.