Author Topic: Heads-up: Firefox 127 will auto-upgrade or block non-HTTPS images on HTTPS pages  (Read 4154 times)

0 Members and 1 Guest are viewing this topic.

Online HwAoRrDkTopic starter

  • Super Contributor
  • ***
  • Posts: 1573
  • Country: gb
Firefox version 127 has recently been released, and includes a change that may impact display of some content (particularly older content) here on the EEVBlog forums. In fact, any website containing user-linked content.

Formerly, if a secure HTTPS page contained 'mixed' security of media content (images/audio/video) - that is, contained media loaded from non-HTTPS URLs - it would load the unsecured content and simply display a warning on the padlock icon in the address bar.

Now, with the introduction of Firefox 127, that behaviour has changed. Firefox will now instead attempt to auto-upgrade requests for non-secure content on a secure page to HTTPS, and if those requests fail (because the server doesn't actually support HTTPS, only HTTP) then the content will not be shown at all.

What does this mean for the EEVBlog forum? In a lot of posts, particularly in the past, people have embedded images from remote servers (i.e. not as post attachments) with HTTP-only URLs. If these images are not available at the same URL using HTTPS instead of HTTP, then these images will appear to go 'missing'.

Mozilla blog post announcing the change

I have no idea whether this new behaviour differs or falls in line with other browsers like Chrome, Edge, or Safari.
 
The following users thanked this post: thm_w


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf