Fx 24 mixed content detection is not force https aware
Posted: Sun Oct 27, 2013 6:06 am
Fx 17.0.10ESR & 24.0.0ESR, NS 2.6.8.4
test mixed content page
Fx 17, when ie.microsoft.com is https forced, sees the page as not mixed (i.e. secure), showing the padlock in the urlbar (mixed pages have no padlock).
Fx 24, sees it as mixed and still blocks a script. If blocking is turned off (security.mixed_content.block_active_content=false), it loads the script and still sees the page as mixed (no padlock)
for https forcing to be useful, it should affect Fx mixed detection. Perhaps this requires a change in Fx.
test mixed content page
Fx 17, when ie.microsoft.com is https forced, sees the page as not mixed (i.e. secure), showing the padlock in the urlbar (mixed pages have no padlock).
Fx 24, sees it as mixed and still blocks a script. If blocking is turned off (security.mixed_content.block_active_content=false), it loads the script and still sees the page as mixed (no padlock)
for https forcing to be useful, it should affect Fx mixed detection. Perhaps this requires a change in Fx.