Summary: As part of increasing readiness to ship Mixed Content Level 2, we’re enabling the flag to upgrade some passive mixed content in Nightly only. Previously this would result in the mixed content indicator. Loads of type image, audio, and video will be upgraded by rewriting the URL from http: to secure transport using https:. As specified, there will be no fallback if the resource is not available over HTTPS.
We will keep this in Nightly for a couple of cycles, before we let it ride the trains. Bug: <https://bugzilla.mozilla.org/show_bug.cgi?id=1633743> https://bugzilla.mozilla.org/show_bug.cgi?id=1672106 Standard: <https://w3c.github.io/webappsec-mixed-content/level2.html> https://www.w3.org/TR/mixed-content/ Platform coverage: All Preference: security.mixed_content.upgrade_display_content Our standards position: https://mozilla.github.io/standards-positions/#mixed-content Devtools bug: N/A. We already log to the console. Other browsers: Chrome has been shipping that behavior since Chrome 81; no public signal from Apple. web-platform-tests: Exist at mixed-content/tentative/autoupgrades Intent to prototype was at https://groups.google.com/g/mozilla.dev.platform/c/F163Jz32oYY Best regards, Tomer, Freddy and Christoph -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/CAFZDW_oCeU2b5_mLUiB_o3L17PDzZAoX1ca8QvsaosCgKXzL6A%40mail.gmail.com.
