Re: HTTPS enforcement broken for page resources
Posted: Fri Nov 18, 2016 3:45 pm
Note that the above quote seems to no longer be true in current Firefox and NoScript versions. https://www.informaction.com/ does not load resources with "security.mixed_content.block_display_content" set to "true" in about:config and ".informaction.com" configured for HTTPS enforcement in NoScript. Even though HSTS is configured, according to https://www.ssllabs.com/ssltest/analyze ... action.com.Meee wrote:On a side note, informaction.com is now all-HTTPS (including HSTS), so it can no longer be used to test this issue.
Firefox 49.0.2 as provided by Linux Mint, 64-bit. NoScript 2.9.0.14 from the official Mozilla addon repository.
Browser Console shows ("http" changed to "hxxp" to pass the forum filter):
Blocked loading mixed active content “hxxp://www.informaction.com/data/oss.css”[Learn More]www.informaction.com
Blocked loading mixed display content “hxxp://www.informaction.com/data/iasw.jpg”[Learn More]www.informaction.com
Blocked loading mixed display content “hxxp://www.informaction.com/data/flashgot/logo.png”[Learn More]www.informaction.com
Blocked loading mixed display content “hxxp://www.informaction.com/data/noscript/nosc ... -small.png”[Learn More]www.informaction.com
Blocked loading mixed display content “hxxp://www.informaction.com/data/spedifax/logo.png”[Learn More]www.informaction.com
Blocked loading mixed display content “hxxp://www.informaction.com/data/pop3trap/logo.png”[Learn More]www.informaction.com
Blocked loading mixed display content “hxxp://www.informaction.com/data//badge-flashgot.png”[Learn More]www.informaction.com
Blocked loading mixed display content “hxxp://www.informaction.com/data//badge-noscript.png”[Learn More]www.informaction.com
Blocked loading mixed display content “hxxp://www.informaction.com/data/donate2.gif”[Learn More]www.informaction.com
