[HTTPS-Everywhere] Mixed Content Blocker

Drake, Brian brian at drakefamily.tk
Fri Jan 17 18:58:30 PST 2014


On Wed, Jan 15, 2014 at 0622 (UTC), Jacob Hoffman-Andrews
<jsha at newview.org> wrote:

> On 01/14/2014 1452 (UTC), Drake, Brian wrote:
> > The first thing to do is to get some decent documentation on how things
> > work now
>
> You're right, we do need better documentation. Right now the only mention
> on the HTTPS Everywhere site is a blurb about the Chrome beta, from before
> Firefox implemented Mixed Content Blocking.
>
> Do you think you could put together what we've discussed so far on this
> thread, plus the linked tickets, into some candidate documentation?
>

That’s a nice idea, but it’s still not clear how things work now, and I
think it’s fundamentally flawed anyway (that’s in addition to whatever
flaws the browsers have). I’m going to make a couple more posts today to
elaborate on this.

> > (Of course, the user should also be able to turn off the mixed content
> > blocker entirely, but that’s probably a separate issue.)
>
> You can actually do this. On Firefox, go to about:config and search for
> security.mixed_content.block_active_content.
>
> On Chrome, start the browser with --allow-running-insecure-content:
> https://support.google.com/chrome/answer/1342714?hl=en
>

I can’t speak for Chrome, but from when I looked at the UI and
documentation, it’s almost as if Mozilla doesn’t want anyone to know about
their mixed content preferences. That’s just my opinion (but it seems to be
one shared by many others).

(By the way, they were talking about pushing out a patch for Firefox 24 to
make the setting persistent for a given domain, but it doesn’t seem to have
made it into Firefox 25. Unless they did a good job of hiding that one as
well.)

[removed James from CC list]

--
Brian Drake

All content created by me:
Copyright<http://www.wipo.int/treaties/en/ip/berne/trtdocs_wo001.html>©
2014 Brian Drake. All rights reserved.