Hilfe durchsuchen

Vorsicht vor Support-Betrug: Wir fordern Sie niemals auf, eine Telefonnummer anzurufen, eine SMS an eine Telefonnummer zu senden oder persönliche Daten preiszugeben. Bitte melden Sie verdächtige Aktivitäten über die Funktion „Missbrauch melden“.

Weitere Informationen

Disable upgrading HTTP images to HTTPS site

  • 3 Antworten
  • 0 haben dieses Problem
  • 8 Aufrufe
  • Letzte Antwort von Terry

more options

Hi!

Is there any settings or about:config settings or addons that disable upgrading HTTP to HTTPS for images? I have HTTPS site which redirects from HTTP to HTTPS from server side so I cant visit it on HTTP mode. This HTTPS only site uses external images from HTTP only site that does not speak HTTPS.

Firefox writes in browser console: > Content Security Policy: Upgrading insecure request ‘http://site.com/someimage.jpg’ to use ‘https’

How do I disable this behavior? Any about:config settings or browser addons to get rid of this?

Hi! Is there any settings or about:config settings or addons that disable upgrading HTTP to HTTPS for images? I have HTTPS site which redirects from HTTP to HTTPS from server side so I cant visit it on HTTP mode. This HTTPS only site uses external images from HTTP only site that does not speak HTTPS. Firefox writes in browser console: > Content Security Policy: Upgrading insecure request ‘http://site.com/someimage.jpg’ to use ‘https’ How do I disable this behavior? Any about:config settings or browser addons to get rid of this?

Alle Antworten (3)

more options

Can you post a link to a publicly accessible page (i.e. no authentication or signing on required)?

more options

Sorry, can't post link here.

But important key takeaway is that this page has <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> in it's html source code and I either need some plugin to remove it from source code before Firefox starts to parse HTML or some hack to modify Firefox to ignore this.

It also had Upgrade-Insecure-Requests http header but that I was able to remove with Modify Header Value (HTTP Headers) addon so this meta tag is the only suspect left.

Geändert am von wybqogzigoxruxdhnp

more options

There is this preference in about:config which you can change to false. I don't know whether that is effective against such code on the website. browser.fixup.fallback-to-https

I see that I also have this preference (set to */*). image.http.accept

Geändert am von Terry