Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Disable upgrading HTTP images to HTTPS site

  • 3 cavab
  • 0 have this problem
  • 8 views
  • Last reply by Terry

more options

Hi!

Is there any settings or about:config settings or addons that disable upgrading HTTP to HTTPS for images? I have HTTPS site which redirects from HTTP to HTTPS from server side so I cant visit it on HTTP mode. This HTTPS only site uses external images from HTTP only site that does not speak HTTPS.

Firefox writes in browser console: > Content Security Policy: Upgrading insecure request ‘http://site.com/someimage.jpg’ to use ‘https’

How do I disable this behavior? Any about:config settings or browser addons to get rid of this?

Hi! Is there any settings or about:config settings or addons that disable upgrading HTTP to HTTPS for images? I have HTTPS site which redirects from HTTP to HTTPS from server side so I cant visit it on HTTP mode. This HTTPS only site uses external images from HTTP only site that does not speak HTTPS. Firefox writes in browser console: > Content Security Policy: Upgrading insecure request ‘http://site.com/someimage.jpg’ to use ‘https’ How do I disable this behavior? Any about:config settings or browser addons to get rid of this?

All Replies (3)

more options

Can you post a link to a publicly accessible page (i.e. no authentication or signing on required)?

more options

Sorry, can't post link here.

But important key takeaway is that this page has <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> in it's html source code and I either need some plugin to remove it from source code before Firefox starts to parse HTML or some hack to modify Firefox to ignore this.

It also had Upgrade-Insecure-Requests http header but that I was able to remove with Modify Header Value (HTTP Headers) addon so this meta tag is the only suspect left.

Modified by wybqogzigoxruxdhnp

more options

There is this preference in about:config which you can change to false. I don't know whether that is effective against such code on the website. browser.fixup.fallback-to-https

I see that I also have this preference (set to */*). image.http.accept

Modified by Terry