為了改善您的使用體驗,本網站正在進行維護,部分功能暫時無法使用。若本站的文件無法解決您的問題,想要向社群發問的話,請到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 發問,我們的社群成員將很快會回覆您的疑問。

搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

Mixed content - https vs http

more options

In the browser Chrome, after going to a website starting with https://, it gave me the below message:

Mixed Content: The page at 'https://...' was loaded over HTTPS, but requested an insecure resource 'http://...'. This request has been blocked; the content must be served over HTTPS.

Which is good but in Firefox, it doesn't recognize this issue which should.

Can you please update Firefox browser to recognize the issue and give us a proper message like Chrome does?

In the browser Chrome, after going to a website starting with https://, it gave me the below message: Mixed Content: The page at 'https://...' was loaded over HTTPS, but requested an insecure resource 'http://...'. This request has been blocked; the content must be served over HTTPS. Which is good but in Firefox, it doesn't recognize this issue which should. Can you please update Firefox browser to recognize the issue and give us a proper message like Chrome does?

所有回覆 (4)

more options

hello arashqa, could you provide a sample of a site where this happens? in principle firefox does support mixed content blocking - however, by default it will only block "active" mixed content (that are scripts, stylesheets and other stuff that might get dangerous). another thing that might interfere is addons like adblock, noscript and others which are already blocking particular content that may cause the message... Mixed content blocking in Firefox https://blog.mozilla.org/tanvi/2013/04/10/mixed-content-blocking-enabled-in-firefox-23/

more options

It's a work site, basically the site was set up to use https:// and there were a few links which when I tried to click on them, they put http:// not https:// and that was causing problems in Chrome since Chrome expected the links having same protocol as the site but in Firefox it worked.

more options

Note that you can leave out the protocol and leave the two starting forward slashes to use the same protocol as was used to open the page.

  • //support.mozilla.org/en-US/questions/1033992
more options

I think all browsers allow you to leave a secure page for an insecure page (from HTTPS link to HTTP link) without a warning, otherwise you would go crazy using Google and other search engines that use HTTPS. There is an exception for when a form is being submitted from a secure page to an insecure page: then you definitely should get a warning that your submission isn't being encrypted.

What Firefox and other browsers now pay closer attention to is content pulled into the page, treating some as high risk (such as scripts) and some as low risk (such as JPEG images). You can adjust Firefox's settings to block this lower risk "display" content if you like. (It requires switching the security.mixed_content.block_display_content preference from false to true in the about:config preferences editor.)