Closed Bug 983485 Opened 10 years ago Closed 8 years ago

Mixed content policy should have an option to force secure instead of blocking

Categories

(Core :: DOM: Security, defect)

Product:
Core
Component:
DOM: Security
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1246537

People

(Reporter: shell_layer-mozilla, Unassigned)

Details

(Whiteboard: [domsecurity-backlog]) 

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:27.0) Gecko/20100101 Firefox/27.0 (Beta/Release)
Build ID: 20140218140359

Steps to reproduce:

HTTPS sites containing insecure resources frequently have the same resource available at the secure equivalent.



Actual results:

Mixed Content Blocker will either just block mixed content, which breaks pages,
or just allow it, which breaks security.


Expected results:

There should be an option (about:config is OK) to *force mixed content to HTTPS* instead of blocking it.

If there is not actually a HTTPS version available, the page will simply break as before.
But if there is a HTTPS version, the page will be fixed and fully secure :).
That sounds very similar to HSTS priming. For further information look at Bug 1246537.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Component: Security → DOM: Security
Resolution: --- → DUPLICATE
Whiteboard: [domsecurity-backlog]
You need to log in before you can comment on or make changes to this bug.