642
submitted 1 year ago by buh@lemmy.world to c/firefox@lemmy.ml
you are viewing a single comment's thread
view the rest of the comments
[-] towerful@programming.dev 4 points 1 year ago

I think I phrased it wrong, or there is a confusion with terms.
If a page is loaded with HTTPS, then images/CSS/JS/iFrames (resources) will not load over HTTP. The resources also have to be served via HTTPS.
If a page is loaded over HTTP, then resources (images/CSS/JS/iFrames) can be loaded over HTTPS.

My objection was to the "even if a server has HTTPS, some resources will still load over HTTP"

[-] Chobbes@lemmy.world 4 points 1 year ago

As far as I know, this is not strictly true either. I believe most browsers currently block mixed active content like JavaScript or iframes, but will happily load images and such over HTTP (although I would not be surprised if this is changing).

this post was submitted on 03 Oct 2023
642 points (98.9% liked)

Firefox

17302 readers
444 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 4 years ago
MODERATORS