info
Google 網路論壇不再支援新的 Usenet 貼文或訂閱項目,但過往內容仍可供查看。
關閉
Intent to prototype: Mixed Content Auto Upgrading of display content (image, audio, video)
瀏覽次數:359 次
跳到第一則未讀訊息
Christoph Kerschbaumer
2020年10月27日 中午12:00:252020/10/27
收件者:dev-pl...@lists.mozilla.org
Summary: This security enhancing feature will automatically upgrade mixed display content from HTTP to HTTPS if the top-level document is HTTPS. Previously this would result in the mixed content indicator. Loads of type image, audio, and video will be upgraded by rewriting the URL from http: to https: without any fallback if the resource is not available over HTTPS.
Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1633743 <https://bugzilla.mozilla.org/show_bug.cgi?id=1633743>
Standard: https://w3c.github.io/webappsec-mixed-content/level2.html <https://w3c.github.io/webappsec-mixed-content/level2.html>
Platform coverage: All
Preference: security.mixed_content.upgrade_display_content
Devtools bug: No extra work is required for devtools.
Other browsers: Chrome has been shipping that behaviour since Chrome 81; no public signal from Apple.
web-platform-tests: There are none but we will add some within https://bugzilla.mozilla.org/show_bug.cgi?id=1673594 <https://bugzilla.mozilla.org/show_bug.cgi?id=1673594>
Cheers,
Christoph
Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1633743 <https://bugzilla.mozilla.org/show_bug.cgi?id=1633743>
Standard: https://w3c.github.io/webappsec-mixed-content/level2.html <https://w3c.github.io/webappsec-mixed-content/level2.html>
Platform coverage: All
Preference: security.mixed_content.upgrade_display_content
Devtools bug: No extra work is required for devtools.
Other browsers: Chrome has been shipping that behaviour since Chrome 81; no public signal from Apple.
web-platform-tests: There are none but we will add some within https://bugzilla.mozilla.org/show_bug.cgi?id=1673594 <https://bugzilla.mozilla.org/show_bug.cgi?id=1673594>
Cheers,
Christoph
0 則新訊息