InformAction Forums

On a side note, informaction.com is now all-HTTPS (including HSTS), so it can no longer be used to test this issue. Note that the above quote seems to no longer be true in current Firefox and NoScript versions. https://www.informaction.com/ does not load resources with "security.mixed_content....

Just to bring this topic back to the first page of the topics list: Another domain (there aren't many, luckily) to test the issue: http://blog.linuxmint.com/

With ".linuxmint.com" configured for HTTPS enforcement.

On a side note, informaction.com is now all-HTTPS (including HSTS), so it can no longer be used to test this issue.

Can you please compare HTTPFox logs with a "working" NoScript and latest NoScript, on ubuntuforums? I don't know, but HTTPFox seems to offer less functionality then the Firefox's built-in Network tool as well as not being actively maintained. And I don't see any browser-add-on interaction...

Actually, this seems to be due to a change in NoScript. I tested with Iceweasel 43, and NoScript up to version 2.9.0.6 works, while 2.9.0.7rc2 and later doesn't. So that it seems to be due to the following change in its version history: x [HTTPS] Removed legacy redirection methods when redirectTo() ...

Thanks for looking into this!

This looks like a recent change in Firefox, because it used to work before. Last time I checked is a few months ago, I think (I use stable releases only).

In other words, you can't reproduce it. Since the "HTTP/404 response" is not what I reported. In my case, the requests are never sent. Could you try http://ubuntuforums.org/ instead (placing ".ubuntuforums.org" into the HTTPS enforcement field)? That one allows resource load over...

I don't know since when, but I have noticed the HTTPS enforcement no longer works for page resources. Test procedure: 1. Set "security.mixed_content.block_display_content" to "true" in about:config. 2. Place ".informaction.com" (without the quotes) into the HTTPS enforc...