Closed Bug 900440 Opened 12 years ago Closed 9 years ago

krebsonsecurity.com has active mixed content (JS and CSS) that are blocked by the mixed content blocker

Categories

(Web Compatibility :: Site Reports, defect)

Product:
Web Compatibility
Component:
Site Reports
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: stefan-moz02, Unassigned)

References

(
URL
)

Details

(Whiteboard: [mcb-chrome][mcb-ie] [country-us] [mcb] [sitewait])

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0 (Beta/Release) Build ID: 20130729175331 Steps to reproduce: Visited https://krebsonsecurity.com/ with FireFox 23 (currently in beta) Actual results: Some JavaScript and CSS resources fail to load, with console erro: Blocked loading mixed active content "http://krebsonsecurity.com/wp-content/plugins/jspullquotes/resources/jspullquotes-core.css" Blocked loading mixed active content "http://krebsonsecurity.com/wp-content/plugins/jspullquotes/resources/jspullquotes-default.css" Blocked loading mixed active content "http://krebsonsecurity.com/wp-content/plugins/jspullquotes/resources/jspullquotes.js" Expected results: These resources should be loaded via https (either by fixing the references on the site, or resolving Bug 776278)
Blocks: 844556
URL: https://krebsonsecurity.com
Depends on: 776278
This is a security blog site. Also blocked on chrome, and most probably on IE (because its javascript and css). Matt, can you check IE when you have a chance?
Whiteboard: [mcb-chrome][mcb-ie?]
Whiteboard: [mcb-chrome][mcb-ie?] → [mcb-chrome][mcb-ie]
https://krebsonsecurity.com is blocked on IE(10) for me as well, so confirming for now...
Status: UNCONFIRMED → NEW
Ever confirmed: true
He has a twitter account but he's not replying to people https://twitter.com/briankrebs/ His site is powered by WordPress. In the inspector searching with img[src^=http\:] You can notice that it's often about images in his blog posts. Example <a href="http://krebsonsecurity.com/wp-content/uploads/2013/04/robotrobkb.jpg"><img class="alignright size-medium wp-image-19914" src="http://krebsonsecurity.com/wp-content/uploads/2013/04/robotrobkb-285x213.jpg" alt="robotrobkb" width="285" height="213"></a> I do not think he is typing the link markup by hand. I suspect WordPress does. He is using <meta name="generator" content="WordPress 4.0" /> which is the latest version. I wonder if this is fixing the issue. https://wordpress.org/plugins/ssl-insecure-content-fixer/ And WordPress community has a lot of issues related to Mixed Content Blocking https://wordpress.org/search/mixed+content+blocking
Assignee: english-us → nobody
Component: English US → Desktop
Whiteboard: [mcb-chrome][mcb-ie] → [mcb-chrome][mcb-ie] [country-us] [mcb] [contactready]
Contacted http://twitter.com/MozWebCompat/status/516821761879330816 but not sure he will look at it.
Summary: https://krebsonsecurity.com has active mixed content (JS and CSS) that are blocked by the mixed content blocker → krebsonsecurity.com has active mixed content (JS and CSS) that are blocked by the mixed content blocker
Whiteboard: [mcb-chrome][mcb-ie] [country-us] [mcb] [contactready] → [mcb-chrome][mcb-ie] [country-us] [mcb] [sitewait]
Not seeing any MCB errors anymore.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WORKSFORME
Product: Tech Evangelism → Web Compatibility
You need to log in before you can comment on or make changes to this bug.