发表新帖
发表新帖

Mixed content blocking behavior in Firefox

后端 未结
关注
2 882
伪装坚强ぢ
伪装坚强ぢ 2021-01-22 16:05

In Firefox version 23, mixed content blocking behavior is added.It means that Firefox has blocked content that is insecure on the page you\'re visiting.It shows the shield icon

2条回答
  • 渐次进展
    渐次进展 (楼主)
    2021-01-22 16:27

    You cannot turn this off remotely! Except in your own browser, of course.

    That is: Your rails application cannot turn off mixed-content blocking in the browser.

    This is a preference only a (skilled) user may change in her browser... But shouldn't in the age of Firesheep, etc.

    Instead, you should make all your active content available via https.

    Or downgrade to insecure http. Since you're essentially wanting to allow Man-In-The-Middle attacks anyway, because that's what mixed-content means, the result of using http in the first place wouldn't be that much different. The only difference would be that a MITM could stay passive in http-only, instead of having to actively modify data in https-mixed-mode. But, seriously, what percentage of your users would recognize an active MITM, who maybe even only runs a small targeted attack?

    0 讨论(0)
 看不清?
提交回复
热议问题