Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security] Upgrade passive mixed content to HTTPS #33592

Closed
8 tasks done
Tracked by #544
dipikabh opened this issue May 13, 2024 · 2 comments
Closed
8 tasks done
Tracked by #544

[Security] Upgrade passive mixed content to HTTPS #33592

dipikabh opened this issue May 13, 2024 · 2 comments
Assignees
@hamishwillee
Labels
Content:Security Security docs Firefox 127

Comments

@dipikabh
Copy link
Contributor

dipikabh commented May 13, 2024
edited by hamishwillee
Loading

Acceptance criteria

  • The listed features are documented sufficiently on MDN
  • BCD is updated
  • Interactive example and data repos are updated if appropriate
  • The content has been reviewed as needed

For folks helping with Firefox related documentation

  • Set bugs to dev-doc-complete
  • Add entry to Firefox release notes for enabled/preview features
  • Add/remove entry to Firefox experimental features page for preference/released features

Related Gecko bugs

  • Bug 1779757: [meta] Implement Mixed Content Level 2

  • "Intent to Ship":

    • Summary: Currently, Firefox is loading passive mixed content. These are loads of type image, audio and video with an HTTP URL while the top-level document load is over HTTPS. With this feature, we will automatically upgrade image, audio and video elements to HTTPS. There will be no fallback to HTTP. If such a subresource is unavailable over HTTPS, it will just not load. This aligns us with the latest revision of the Mixed Content specification. - This feature is currently undergoing a gradual roll-out, where up to 40% of our users are already experiencing this behavior.
    • Specification: https://w3c.github.io/webappsec-mixed-content/
    • Preference: The pref security.mixed_content.upgrade_display_content will be set to true.
    • This feature is already enabled in Nightly-only

Related pages on MDN

Other

  • Check content open issues to see if any pertain to the subject matter. If there are any that can be closed because of the work, do so. If there are any that can be fixed relatively quickly because of the knowledge from completing this issue and you have time, feel free to go ahead and fix them.
@github-actions github-actions bot added Content:Firefox Content in the Mozilla/Firefox subtree Content:Security Security docs needs triage Triage needed by staff and/or partners. Automatically applied when an issue is opened. labels May 13, 2024
@dipikabh dipikabh added Firefox 127 and removed needs triage Triage needed by staff and/or partners. Automatically applied when an issue is opened. Content:Firefox Content in the Mozilla/Firefox subtree labels May 13, 2024
@dipikabh dipikabh mentioned this issue May 13, 2024
Closed
@hamishwillee hamishwillee mentioned this issue May 23, 2024
Closed
@hamishwillee
Copy link
Collaborator

See also #33696 that will be fixed if this is done right

@hamishwillee hamishwillee self-assigned this May 24, 2024
@hamishwillee hamishwillee mentioned this issue May 28, 2024
Merged
@hamishwillee
Copy link
Collaborator

hamishwillee commented May 28, 2024
edited
Loading

Status:

This was referenced May 28, 2024
Merged
Merged
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hamishwillee hamishwillee

Labels
Content:Security Security docs Firefox 127
Projects
MDN Web Docs Content Team
Status: Archive
Milestone
No milestone
Development

No branches or pull requests
3 participants
@hamishwillee @dipikabh @Josh-Cena