[opensuse-web] annoying warning in SeaMonkey but not Firefox
http://fm.no-ip.com/SS/Suse/mixedSecurityWeb1409.png shows for https://en.opensuse.org/ pages what SeaMonkey does that Firefox does not. Anyone know which setting can be changed to make both browsers behave alike here? -- "The wise are known for their understanding, and pleasant words are persuasive." Proverbs 16:21 (New Living Translation) Team OS/2 ** Reg. Linux User #211409 ** a11y rocks! Felix Miata *** http://fm.no-ip.com/ -- To unsubscribe, e-mail: opensuse-web+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-web+owner@opensuse.org
Felix Miata wrote on 2014-09-22 15:07 (GMT-0400):
http://fm.no-ip.com/SS/Suse/mixedSecurityWeb1409.png shows for https://en.opensuse.org/ pages what SeaMonkey does that Firefox does not. Anyone know which setting can be changed to make both browsers behave alike here?
security.warn_mixed_display_content is the setting, which doesn't exist in FF, and in SM defaults to true. That begs the question, why do these pages have mixed content, and before that even, why are en.opensuse.org pages served as https? -- "The wise are known for their understanding, and pleasant words are persuasive." Proverbs 16:21 (New Living Translation) Team OS/2 ** Reg. Linux User #211409 ** a11y rocks! Felix Miata *** http://fm.no-ip.com/ -- To unsubscribe, e-mail: opensuse-web+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-web+owner@opensuse.org
Felix Miata <mrmazda@earthlink.net> 9/22/2014 4:19 PM >>>
Felix Miata wrote on 2014-09-22 15:07 (GMT-0400):
http://fm.no-ip.com/SS/Suse/mixedSecurityWeb1409.png shows for https://en.opensuse.org/ pages what SeaMonkey does that Firefox does not. Anyone know which setting can be changed to make both browsers behave alike here?
security.warn_mixed_display_content is the setting, which doesn't exist in FF, and in SM defaults to true.
That begs the question, why do these pages have mixed content
That's a good question, and we probably need to look into it. My guess is that someone posted an image that is linked via HTTP rather than using HTTPS or a protocol relative link.
and before that even, why are en.opensuse.org pages served as https?
We offer SSL on the openSUSE sites for the benefit of those who want a secure browsing experience. You do not have to use it. However, it does have HSTS enabled, and browsers that support HSTS will enforce SSL for a time if you decide to switch to SSL at any point. At some point, it is likely that SSL will be completely enforced. Aside from the security, it will eventually be require to maintain search engine rankings. See http://arstechnica.com/security/2014/08/in-major-shift-google-boosts-search-....
participants (2)
-
Felix Miata -
Matthew Ehle