Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Aurora and https://www.nytimes.com
27 views
Skip to first unread message
Millwood
May 22, 2013, 9:13:33 AM5/22/13
to
https://www.nytimes.com fails to render correctly in aurora, in the
latest Chrome, and the latest IE10.
firefox and chrome are silent about the problem, which I believe is
mixed content. the firefox error log contains multiple reports like
Error: Blocked loading mixed active content
"http://css.nyt.com/css/0.1/screen/build/homepage/styles.css"
Source File: https://www.nytimes.com/
Line: 0
IE10 displays a warning that insecure content has been blocked and
offers to accept all content. If clicked, the page re-renders
correctly. Chrome is silent.
I foresee trouble is this problem is common, particularly when no
warning is given. But I don't see the average user understanding the IE
warning either. Sigh.
latest Chrome, and the latest IE10.
firefox and chrome are silent about the problem, which I believe is
mixed content. the firefox error log contains multiple reports like
Error: Blocked loading mixed active content
"http://css.nyt.com/css/0.1/screen/build/homepage/styles.css"
Source File: https://www.nytimes.com/
Line: 0
IE10 displays a warning that insecure content has been blocked and
offers to accept all content. If clicked, the page re-renders
correctly. Chrome is silent.
I foresee trouble is this problem is common, particularly when no
warning is given. But I don't see the average user understanding the IE
warning either. Sigh.
WaltS
May 22, 2013, 9:22:01 AM5/22/13
to
the globe icon, and select "Disable Protection on This Page" from the
drop down?
<https://blog.mozilla.org/security/2013/05/16/mixed-content-blocking-in-firefox-aurora/>
--
openSUSE 12.3 (64-bit) KDE 4.10.2
Thunderbird Daily 24.0a1
I abhor GG.
Christoph Schmees
May 22, 2013, 10:17:38 AM5/22/13
to
<http://validator.w3.org/check?uri=https%3A%2F%2Fwww.nytimes.com&charset=%28detect+automatically%29&doctype=Inline&group=0>
says: 389 Errors, 49 warning(s) - no comment. :-(
And it contains branches depending on the browser you come. Whats
your browser's user string?
Christoph
--
email:
nurfuerspam -> gmx
de -> net
WaltS
May 22, 2013, 10:51:38 AM5/22/13
to
Millwood is using a development build of Firefox called Aurora,
currently version 23.0a2, with the new Mixed Content Blocking feature.
Allowing the mixed content should solve the problem.
The page looks exactly the same in my Firefox 20.0 which doesn't have
Mixed Content Blocking, and Aurora 23.0a2 when I allow the mixed content.
Mozilla/5.0 (X11; Linux x86_64; rv:23.0) Gecko/20130522 Firefox/23.0
--
openSUSE 12.3 (64-bit) KDE 4.10.2
I despise GG.
WaltS
May 22, 2013, 11:19:49 AM5/22/13
to
On 05/22/2013 09:13 AM, Millwood wrote:
<https://bugzilla.mozilla.org/show_bug.cgi?id=862164>
Millwood
May 22, 2013, 1:52:24 PM5/22/13
to
I have been running the Australis Redsigned Theme v 0.1.2 which I rather
like. But it breaks the shield mechanism - it doesn't appear.
The shield does allow the page to display. As best I can tell, this
setting is not remembered so you need to do it each time. And there is
no way my wife would ever figure out that she needed to click on the
shield, or understand the choice if she did. I consider her a fairly
literate "normal" user of computers.
Thanks for educating me.
PhillipJones
May 22, 2013, 6:43:45 PM5/22/13
to
Works Like Charm in Aurora
Toast in Maxthon
Works In Safari
Works In Opera and Opera next
Works In OmniWeb
Works In FireFox21.5 beta
Works Perfect in iCab
Apparently Maxthon is a Cross between Chrome and FireFox. Looks Like it
hates Chromes version of Javascript or CSS. I can't Vouch for IE I use
a Mac It would surprise me If IE did work The still Flaunt Standards and
their own way.
--
Phillip M. Jones, C.E.T. "If it's Fixed, Don't Break it"
http://www.phillipmjones.net mailto:pjon...@comcast.net
J. P. Gilliver (John)
May 23, 2013, 2:05:11 AM5/23/13
to
In message <v9SdnUJ9f-buRgHM...@mozilla.org>, WaltS
<wls1...@REMOVEyahoo.com> writes:
[]
What is "mixed content" (and why might one want to block it
specifically)?
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf
"The people here are more educated and intelligent. Even stupid people in
Britain are smarter than Americans." Madonna, in RT 30 June-6July 2001 (page
32)
<wls1...@REMOVEyahoo.com> writes:
[]
>Allowing the mixed content should solve the problem.
>
>The page looks exactly the same in my Firefox 20.0 which doesn't have
>Mixed Content Blocking, and Aurora 23.0a2 when I allow the mixed
>content.
[]
>
>The page looks exactly the same in my Firefox 20.0 which doesn't have
>Mixed Content Blocking, and Aurora 23.0a2 when I allow the mixed
>content.
What is "mixed content" (and why might one want to block it
specifically)?
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf
"The people here are more educated and intelligent. Even stupid people in
Britain are smarter than Americans." Madonna, in RT 30 June-6July 2001 (page
32)
WaltS
May 23, 2013, 7:38:46 AM5/23/13
to
On 05/23/2013 02:05 AM, J. P. Gilliver (John) wrote:
> In message <v9SdnUJ9f-buRgHM...@mozilla.org>, WaltS
> <wls1...@REMOVEyahoo.com> writes:
> []
>> Allowing the mixed content should solve the problem.
>>
>> The page looks exactly the same in my Firefox 20.0 which doesn't have
>> Mixed Content Blocking, and Aurora 23.0a2 when I allow the mixed
>> content.
> []
> What is "mixed content" (and why might one want to block it
> specifically)?
>
That was explained in this link I provided in my first reply to Millwood.
> In message <v9SdnUJ9f-buRgHM...@mozilla.org>, WaltS
> <wls1...@REMOVEyahoo.com> writes:
> []
>> Allowing the mixed content should solve the problem.
>>
>> The page looks exactly the same in my Firefox 20.0 which doesn't have
>> Mixed Content Blocking, and Aurora 23.0a2 when I allow the mixed
>> content.
> []
> What is "mixed content" (and why might one want to block it
> specifically)?
>
<https://blog.mozilla.org/security/2013/05/16/mixed-content-blocking-in-firefox-aurora/>
"When an HTTPS page contains HTTP resources, the HTTP resources are
called Mixed Content."
Read the whole post for a better understanding.
Millwood
May 23, 2013, 9:15:27 AM5/23/13
to
such, I urge firefox to take an "under the radar" approach. Only block
stuff blocked by both IE and Chrome, so any site firefox breaks is
broken everywhere! (https://www.nytimes.com is broken everywhere).
WaltS
May 23, 2013, 9:39:57 AM5/23/13
to
preferences for changes with each update.
It is a known Firefox bug as I pointed out in another post in this thread.
The <http://www.nytimes.com/> version loads just fine.
My belief is that once a user disables protection on a mixed content
page the user won't see the shield again, but I can not confirm that
because I never run into any mixed content pages in my daily routine.
It will be a major PITA to have to activate the shield, and disable
protection on every visit.
I will continue testing bookmarked sites that are not a part of my daily
routine.
--
openSUSE 12.3 (64-bit) KDE 4.10.2
J. P. Gilliver (John)
May 24, 2013, 1:57:42 AM5/24/13
to
In message <dpOdnWPH4dVdYgDM...@mozilla.org>, WaltS
Thanks. (I don't always follow posted links, especially to blogs.)
I think a better term would be mixed-security content (or even
Mixed-Security Content if we must), but I guess we're stuck with
"Mixed Content" now.
<wls1...@REMOVEyahoo.com> writes:
>On 05/23/2013 02:05 AM, J. P. Gilliver (John) wrote:
>> In message <v9SdnUJ9f-buRgHM...@mozilla.org>, WaltS
>> <wls1...@REMOVEyahoo.com> writes:
>> []
>>> Allowing the mixed content should solve the problem.
>>>
>>> The page looks exactly the same in my Firefox 20.0 which doesn't have
>>> Mixed Content Blocking, and Aurora 23.0a2 when I allow the mixed
>>> content.
>> []
>> What is "mixed content" (and why might one want to block it
>> specifically)?
>>
>
>That was explained in this link I provided in my first reply to Millwood.
>
><https://blog.mozilla.org/security/2013/05/16/mixed-content-blocking-in-
>firefox-aurora/>
>
>"When an HTTPS page contains HTTP resources, the HTTP resources are
>called Mixed Content."
[]
>On 05/23/2013 02:05 AM, J. P. Gilliver (John) wrote:
>> In message <v9SdnUJ9f-buRgHM...@mozilla.org>, WaltS
>> <wls1...@REMOVEyahoo.com> writes:
>> []
>>> Allowing the mixed content should solve the problem.
>>>
>>> The page looks exactly the same in my Firefox 20.0 which doesn't have
>>> Mixed Content Blocking, and Aurora 23.0a2 when I allow the mixed
>>> content.
>> []
>> What is "mixed content" (and why might one want to block it
>> specifically)?
>>
>
>That was explained in this link I provided in my first reply to Millwood.
>
><https://blog.mozilla.org/security/2013/05/16/mixed-content-blocking-in-
>firefox-aurora/>
>
>"When an HTTPS page contains HTTP resources, the HTTP resources are
>called Mixed Content."
Thanks. (I don't always follow posted links, especially to blogs.)
I think a better term would be mixed-security content (or even
Mixed-Security Content if we must), but I guess we're stuck with
"Mixed Content" now.
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf
"Bother," said Pooh, as he fell off the bridge with his stick.
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf
0 new messages