Please serve wiki active content securely

Request a website or interface feature.
Posts: 1
Joined: Sun Sep 24, 2017 1:18 pm

Please serve wiki active content securely

Postby ferdnyc » Sun Sep 24, 2017 1:45 pm

Hopefully this is the right place for a bug report, apologies otherwise (and please do point me to the correct location).

Running Firefox 55.0.3 (Linux x86_64), I'm seeing all wiki pages at being displayed without their stylesheets (and missing other script content), because those elements are being blocked as Mixed Active Content. This is due to the fact that they use http:// URLs, inside a secure https:// page environment.

The Firefox console logs the following, on load of any wiki page (e.g.
14:07:31.599 Blocked loading mixed active content “*” [Learn More]

14:07:31.605 Blocked loading mixed active content “*” [Learn More]

14:07:33.172 Loading failed for the <script> with source “*”.

It appears that the http CSS/script URLs redirecting to https URLs is not sufficient, the source URLs need to be specified as https:// in the page <HEAD> in order to satisfy Firefox.

The PHP tool "Mixed Content Scan", linked to from Mozilla's "Learn More" page above, reports the same content warnings on basically every page of the wiki:

(The image URLs, although they are producing warnings in mixed-content-scan, will still be loaded because they are Display Content, rather than Active Content like CSS and JavaScript.)