Mixed Content Blocker causing issues for users of educational website: Taskstream.com (similar to 844556)

RESOLVED WORKSFORME

Status

()

Firefox
Security
RESOLVED WORKSFORME
5 years ago
3 months ago

People

(Reporter: Michael Del Rio, Unassigned)

Tracking

(Blocks: 1 bug)

23 Branch
x86_64
Windows 7
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

5 years ago
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0 (Beta/Release)
Build ID: 20130730113002

Steps to reproduce:

Use our educational tools website (www.taskstream.com) with FF version 23 which introduced Mixed Content Blocker and view/create user content that refers to "http://".


Actual results:

User content which uses iframes now disappears because our site is HTTPs protected and their content is not (and even doesn't support HTTPs).   Using the new feature "Disable Protection on This Page" logs out user and doesn't take affect--that feature doesn't seem to remember/identify the page on our site.   Only changing the default of Security.mixed_content.block_active_content to “false” works, but this only works on a per user basis and is very "un-user" friendly.




Expected results:

Either the "Disable Protection on This Page" feature should properly remember the page, but preferably there should be some way to allow an entire website domain to be excluded.

Can you create a whitelist and can "*.taskstream.com" be added to it?

Comment 1

5 years ago
Can you provide a link to a page that demonstrates this behavior?
Component: Untriaged → Security
Blocks: 844556
I am not able to see your behavior using Latest Nightly 26 build. Can you please answer to the question on Comment 1?
Flags: needinfo?(mdelrio)
(Reporter)

Updated

5 years ago
Flags: needinfo?(mdelrio)
Whiteboard: The problem is apparently related to framesets. Our site currently uses frameset to operate (we are looking to eventually eliminate this).
(Reporter)

Comment 3

5 years ago
The problem is apparently related to framesets.  Our site currently uses frameset to operate (we are looking to eventually eliminate this).  When the frame inside has this issue, the property doesn't seem to be associated with the frame instead, it goes to the frameset.  This probably because the interface to make the change is on the URL address bar.

I'm currently working with my team to see if we can get you a login to view the case, but this info should allow you to construct a test case.
Whiteboard: The problem is apparently related to framesets. Our site currently uses frameset to operate (we are looking to eventually eliminate this).

Comment 4

a year ago
educational website face same problem like using mixed content in our website. people know very well about mixed content of website http://www.dissertationhelplove.co.uk we are expert in dissertation and assignment writing service expert.

Comment 5

3 months ago
Seems to be fixed.
The example in comment 4 is no longer available.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 3 months ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.