Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> Firefox will now automatically try to upgrade <img>, <audio>, and <video> elements from HTTP to HTTPS if they are embedded within an HTTPS page. If these so-called mixed content elements do not support HTTPS, they will no longer load.

Really interesting, and I think it makes sense, why show a padlock and mislead the user if not all content is properly going through HTTPS?



They don't show a full padlock. They show one with a warning icon


Does it? so if the content can't be auto-upgraded to HTTPS, will be blocked.

I rather have a padlock with a warning that... a broken website because missing content?


There is an article linked in the release notes that allows users to opt-in to a less secure option.

https://blog.mozilla.org/security/2024/06/05/firefox-will-up...


I'd say the website was already broken. I'd rather block content than have insecure resources fetched with a potentially sensitive referrer. That is, I don't want `https://example.com/why-does-my-butt-hurt` to fetch `http://media.example.com/spacer.gif` over the coffee shop's open wi-fi.


Very solid point and why it matters. I wonder if other browsers are or will do the same.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: