Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

HTTPS mode in all windows only failure

more options

When going to a site with FF, 90 which has partial secure information FF still allows access even though the site is not completely https. this should not be allowed HTTPS only should work if the site is completely compliant with HTTPS.

The example site is https://www.brampton.ca//en/online-services/pages/bramcams.aspx

If you click on one of the camera images with "https mode in all windows only" set, no image is displayed and the icon suggest HTTPS but the site is only partial https.

With "https mode in all windows" no configured you get the secure lock icon with the exclamation. see enclosed.

When going to a site with FF, 90 which has partial secure information FF still allows access even though the site is not completely https. this should not be allowed HTTPS only should work if the site is completely compliant with HTTPS. The example site is https://www.brampton.ca//en/online-services/pages/bramcams.aspx If you click on one of the camera images with "https mode in all windows only" set, no image is displayed and the icon suggest HTTPS but the site is only partial https. With "https mode in all windows" no configured you get the secure lock icon with the exclamation. see enclosed.
Attached screenshots

All Replies (6)

more options

Note that clicking the padlock and selecting "HTTPS-Only Mode: Off temporarily" is sufficient to load the camera images (they are accessed via http://192.82.150.11:xxxx).

more options

For me, HTTPS Only mode blocks insecure embedded images.

For confirmation, I have this old test page (third image is insecure and can't be upgraded to HTTPS): https://www.jeffersonscher.com/res/mixed-display.html

more options

I see what you mean but I think FF should refuse to display the page if it is mixed https as the configuration setting is ""https-only mode in all windows"

more options

The mixed content is blocked. You would prefer to see nothing at all than only the secure content?

more options

Correct. Like Co-rel says I can override it if I wish.

more options

Seems like a lot of extra work. Definitely would not want it to default to that behavior.