I noticed earlier in the week that canary builds were blocking javascript from running in an HTTP page that is in a frame in an HTTPS page (that is in a frame of a top-level HTTP page). [blocked] insecure content
Oddly, I noticed that today it is not being blocked. I suspect this is just a bug, I haven't nailed down the details.
But what I'd like to know is what is the plan? The Stable channel release does not block this script from running, we just get a warning, not a [blocked] in the scenario where we have HTTP -> HTTPS -> HTTP.
I assume the intent is to block it, and that this new behavior will eventually be pushed to the Stable channel, is that correct?