this post was submitted on 03 Oct 2023
657 points (99.0% liked)

Firefox

17301 readers
43 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 4 points 1 year ago (1 children)

I think I phrased it wrong, or there is a confusion with terms.
If a page is loaded with HTTPS, then images/CSS/JS/iFrames (resources) will not load over HTTP. The resources also have to be served via HTTPS.
If a page is loaded over HTTP, then resources (images/CSS/JS/iFrames) can be loaded over HTTPS.

My objection was to the "even if a server has HTTPS, some resources will still load over HTTP"

[โ€“] Chobbes 4 points 1 year ago

As far as I know, this is not strictly true either. I believe most browsers currently block mixed active content like JavaScript or iframes, but will happily load images and such over HTTP (although I would not be surprised if this is changing).