If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

https://www.aeriagames.com/ does not work properly because of mixed content blocking

NEW
Unassigned

Status

Tech Evangelism
Desktop
P3
major
4 years ago
5 months ago

People

(Reporter: mwobensmith, Unassigned)

Tracking

(Blocks: 1 bug)

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [mcb-chrome][mcb-ie] [needscontact], URL)

Mixed content blocking is a feature that prevents insecure elements on secure pages from loading. In Firefox 23, this feature will default to blocking "active" insecure content, which may break some web sites. 

More information on Firefox's Mixed Content Blocker is below: 
http://blog.mozilla.org/tanvi/2013/04/10/mixed-content-blocking-enabled-in-firefox-23/

The security feature is currently breaking the HTTPS version of www.aeriagames.com. It also appears to be functioning incorrectly in Chrome 26 and IE10.

https://www.aeriagames.com/ should render and function like http://www.aeriagames.com/, but it doesn't because some HTTP resource(s) are not loaded.  Here is a list of the active, HTTP resources that were blocked: 

Blocked loading mixed active content "http://s.aeriastatic.com/themes/main/css/default_theme.css" @ https://www.aeriagames.com/
Blocked loading mixed active content "http://s.aeriastatic.com/themes/main/css/page-front.css" @ https://www.aeriagames.com/
Blocked loading mixed active content "http://s.aeriastatic.com/themes/main/js/bin/vendor/mootools/mootools-core-1.4.5-full-compat-yc.js" @ https://www.aeriagames.com/
Blocked loading mixed active content "http://s.aeriastatic.com/themes/main/js/bin/vendor/mootools/mootools-more-1.4.0.1-optimize.js" @ https://www.aeriagames.com/
Blocked loading mixed active content "http://s.aeriastatic.com/themes/main/js/main.js" @ https://www.aeriagames.com/
Blocked loading mixed active content "http://s.aeriastatic.com/modules/js/AG/version1/AG_2013_02_21.js" @ https://www.aeriagames.com/

Updated

4 years ago
Whiteboard: [mcb-chrome][mcb-ie]
Most URLs have been fixed to remove protocol, so no longer a mixed content issue.

Issue remains that HTTPS stylesheets exist and are blocked due to bad SSL cert.

Comment 2

4 years ago
It seems that aeriagames tried to fix their mixed content issues, and ended up breaking their website in the process :(

aeriagames stylesheet is blocked because of an SSL cert error (a completely separate issue from Mixed Content Blocker).  The SSL version of the website hence doesn't render properly across browsers (ex: it doesn't render in Safari; Safari doesn't have a Mixed Content Blocker).

They now use a protocol relative url to host their css:
<link rel="stylesheet" href="//s.aeriastatic.com/themes/main/css/default_theme.css" />

But the HTTPS version of the CSS has an invalid cert:
https://s.aeriastatic.com/themes/main/css/default_theme.css

Updated

3 years ago
Component: English US → Desktop
Seems mostly fixed, but not quite: still a couple of resources load on http.
Whiteboard: [mcb-chrome][mcb-ie] → [mcb-chrome][mcb-ie] [needscontact]
Still a bug.
Priority: -- → P3
You need to log in before you can comment on or make changes to this bug.