[feature request] auto-upgrade mixed content
Test plan
See https://github.com/brave/brave-core/pull/4537
Description
Chrome has an experiment to auto-upgrade various types of mixed content: https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/ZJxkCJq5zo4/4sSMVZzBAwAJ, https://docs.google.com/document/d/1dp-kuN25wnEbMPNWBxM8LvOjyeydWpXPklNnGcsWK1o/edit#.
This is a good candidate to consider for enabling by default in Brave.
Some considerations:
- Sites which serve different content over HTTPS vs HTTP can cause a confusing situation in which a site experiencing auto-upgrades is not simply broken but just wrong. A contrived example: Forbes used to serve their regular site on http://forbes.com and their SecureDrop landing page on https://forbes.com. If a site iframed forbes.com, it would be totally different after the auto-upgrade.
- At what point in the request cycle should HTTPS Everywhere upgrades happen? Currently I think they might happen after mixed content blocking, which is non-ideal. Ideally I think the order should be HTTPS-E upgrades -> mixed content auto-upgrade -> any content blocking.
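The ordering concern in the second consideration, as an added example that is not part of the original issue and is not Brave or Chromium code: a toy request pipeline on an HTTPS page, run in the suspected order and in the proposed order. The hosts, the ruleset, the blocklist and the stage names are all constructed assumptions, and the model ignores what happens when an upgraded load fails.

```javascript
// Toy model of subresource handling on an HTTPS page (illustrative only).
// All hosts and rules below are constructed sample data.
const HTTPSE_HOSTS = new Set(["cdn.example"]);      // hypothetical HTTPS Everywhere ruleset
const BLOCKED_HOSTS = new Set(["tracker.example"]); // hypothetical content-blocker list
const UPGRADEABLE = new Set(["image", "audio", "video"]); // optionally-blockable types

const isHttp = (url) => url.startsWith("http://");
const toHttps = (url) => url.replace(/^http:/, "https:");
const host = (url) => new URL(url).hostname;

const stages = {
  // Rewrites http -> https only for hosts covered by a ruleset.
  httpsEverywhere(req) {
    if (isHttp(req.url) && HTTPSE_HOSTS.has(host(req.url))) {
      req.url = toHttps(req.url);
      req.log.push("httpse:upgraded");
    }
  },
  // Auto-upgrades media and images; blocks every other HTTP subresource.
  mixedContent(req) {
    if (!isHttp(req.url)) return;
    if (UPGRADEABLE.has(req.type)) {
      req.url = toHttps(req.url);
      req.log.push("mixed:autoupgraded");
    } else {
      req.blocked = true;
      req.log.push("mixed:blocked");
    }
  },
  // Runs last in both orders so it sees the final URL.
  contentBlocking(req) {
    if (BLOCKED_HOSTS.has(host(req.url))) {
      req.blocked = true;
      req.log.push("blocker:blocked");
    }
  },
};

// Pushes one request through the stages in the given order, stopping on a block.
function run(order, url, type) {
  const req = { url, type, blocked: false, log: [] };
  for (const name of order) {
    if (req.blocked) break;
    stages[name](req);
  }
  return req;
}

const SUSPECTED = ["mixedContent", "httpsEverywhere", "contentBlocking"];
const PROPOSED = ["httpsEverywhere", "mixedContent", "contentBlocking"];
```

In this model, an HTTP script from a host the ruleset covers is blocked under `SUSPECTED` but loads over HTTPS under `PROPOSED`; images are unaffected by the order because the mixed-content stage upgrades them either way.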
Issue Analytics
- Created 4 years ago
- Comments: 8 (1 by maintainers)
Top GitHub Comments
Yep, it would be great to see Brave ship this as well. Note that we’re also planning to ship a “Not Secure” omnibox warning for mixed images in M80, in hopes of driving sites to fix before autoupgrading+blocking in 81.
Chrome’s current plan is to roll out videos and audio in Chrome 80 and measure breakage such that images would be considered in 81; this suggests Brave could match that timeline or even go first.
I’ll take a look at the upgrading before HTTPS Everywhere and the current ordering.