Firefox

20516 readers

10 users here now

/c/firefox

A place to discuss the news and latest developments on the open-source browser Firefox.

Rules

1. Adhere to the instance rules

2. Be kind to one another

3. Communicate in a civil manner

Reporting

If you would like to bring an issue to the moderators attention, please use the "Create Report" feature on the offending comment or post and it will be reviewed as time allows.

founded 5 years ago

MODERATORS

k_o_t@lemmy.ml

golden_zealot@lemmy.ml

640

Say (an encrypted) hello to a more private internet. (blog.mozilla.org)

submitted 2 years ago by buh@lemmy.world to c/firefox@lemmy.ml

64 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] towerful@programming.dev 4 points 2 years ago (1 children)

I think I phrased it wrong, or there is a confusion with terms.
If a page is loaded with HTTPS, then images/CSS/JS/iFrames (resources) will not load over HTTP. The resources also have to be served via HTTPS.
If a page is loaded over HTTP, then resources (images/CSS/JS/iFrames) can be loaded over HTTPS.

My objection was to the "even if a server has HTTPS, some resources will still load over HTTP"

[–] Chobbes@lemmy.world 4 points 2 years ago

As far as I know, this is not strictly true either. I believe most browsers currently block mixed active content like JavaScript or iframes, but will happily load images and such over HTTP (although I would not be surprised if this is changing).