Please serve wiki active content securely

Request a website or interface feature.
ferdnyc
Posts: 1
Joined: Sun Sep 24, 2017 1:18 pm

Please serve wiki active content securely

Postby ferdnyc » Sun Sep 24, 2017 1:45 pm

Hopefully this is the right place for a wiki.thetvdb.com bug report, apologies otherwise (and please do point me to the correct location).

Running Firefox 55.0.3 (Linux x86_64), I'm seeing all wiki pages at https://www.thetvdb.com/wiki/ being displayed without their stylesheets (and missing other script content), because those elements are being blocked as Mixed Active Content. This is due to the fact that they use http:// URLs, inside a secure https:// page environment.

The Firefox console logs the following, on load of any wiki page (e.g. https://www.thetvdb.com/wiki/index.php?title=DVD_Order):
14:07:31.599 Blocked loading mixed active content “http://www.thetvdb.com/wiki/load.php?debug=false&lang=en&modules=mediawiki.legacy.commonPrint%2Cshared%7Cskins.monobook&only=styles&skin=monobook&*” [Learn More]

14:07:31.605 Blocked loading mixed active content “http://www.thetvdb.com/wiki/load.php?debug=false&lang=en&modules=startup&only=scripts&skin=monobook&*” [Learn More]

14:07:33.172 Loading failed for the <script> with source “http://www.thetvdb.com/wiki/load.php?debug=false&lang=en&modules=startup&only=scripts&skin=monobook&*”.

It appears that the http CSS/script URLs redirecting to https URLs is not sufficient, the source URLs need to be specified as https:// in the page <HEAD> in order to satisfy Firefox.

The PHP tool "Mixed Content Scan", linked to from Mozilla's "Learn More" page above, reports the same content warnings on basically every page of the wiki:


(The image URLs, although they are producing warnings in mixed-content-scan, will still be loaded because they are Display Content, rather than Active Content like CSS and JavaScript.)