ძიება მხარდაჭერაში

ნუ გაებმებით თაღლითების მახეში მხარდაჭერის საიტზე. აქ არასდროს მოგთხოვენ სატელეფონო ნომერზე დარეკვას, შეტყობინების გამოგზავნას ან პირადი მონაცემების გაზიარებას. გთხოვთ, გვაცნობოთ რამე საეჭვოს შემჩნევისას „დარღვევაზე მოხსენების“ მეშვეობით.

ვრცლად

HTTPS mode in all windows only failure

  • 6 პასუხი
  • 1 მომხმარებელი წააწყდა მსგავს სიძნელეს
  • 14 ნახვა
  • ბოლოს გამოეხმაურა jscher2000 - Support Volunteer

When going to a site with FF, 90 which has partial secure information FF still allows access even though the site is not completely https. this should not be allowed HTTPS only should work if the site is completely compliant with HTTPS.

The example site is https://www.brampton.ca//en/online-services/pages/bramcams.aspx

If you click on one of the camera images with "https mode in all windows only" set, no image is displayed and the icon suggest HTTPS but the site is only partial https.

With "https mode in all windows" no configured you get the secure lock icon with the exclamation. see enclosed.

When going to a site with FF, 90 which has partial secure information FF still allows access even though the site is not completely https. this should not be allowed HTTPS only should work if the site is completely compliant with HTTPS. The example site is https://www.brampton.ca//en/online-services/pages/bramcams.aspx If you click on one of the camera images with "https mode in all windows only" set, no image is displayed and the icon suggest HTTPS but the site is only partial https. With "https mode in all windows" no configured you get the secure lock icon with the exclamation. see enclosed.
მიმაგრებული ეკრანის სურათები

ყველა პასუხი (6)

Note that clicking the padlock and selecting "HTTPS-Only Mode: Off temporarily" is sufficient to load the camera images (they are accessed via http://192.82.150.11:xxxx).

For me, HTTPS Only mode blocks insecure embedded images.

For confirmation, I have this old test page (third image is insecure and can't be upgraded to HTTPS): https://www.jeffersonscher.com/res/mixed-display.html

I see what you mean but I think FF should refuse to display the page if it is mixed https as the configuration setting is ""https-only mode in all windows"

The mixed content is blocked. You would prefer to see nothing at all than only the secure content?

Correct. Like Co-rel says I can override it if I wish.

Seems like a lot of extra work. Definitely would not want it to default to that behavior.