Tag for Chrome & FF23+ all the rulesets where mixed content breaks things (!)
Recent versions of Chromium and Chrome have implemented an automatic mechanism to block the loading of insecure HTTP scripts from HTTPS origins. At first there was a loud popup message whenever that happened, but now the only indication in the UI is a small shield in the address bar, which the user can click on to force the insecure scripts to load.
Google has replied "won't fix" to any UX or extension API requests we made about this: https://code.google.com/p/chromium/issues/detail?id=144637
As a result, we are going to need a major push to identify rulesets that break sites in Chrome because of this mechanism, and disable them on that platform. This ticket will track that task.
Activity
We can achieve this by adding platform="firefox" to all of these rulesets. But it's probably a better idea to make a new pseudoplatform, "mixed", for all HTTPS Everywhere ports where mixed content loads.
Trac:
Cc: N/A to palmer@google.comThe Firefox master branch will currently consider rulesets marked platform="mixedcontent" enabled, while other platforms including Chrome will not.
Trac:
Type: defect to task
Trac:
Username: macleod199
Cc: palmer@google.com to palmer@google.com, mmacleod@ieee.orgSimilar mixed content blocking is landing in Firefox so this is going to be an even higher priority.
MB has been labelling a lot of rulesets as "partial". I doubt this corresponds precisely to mixed content, but I wonder what would happen if we assumed that the "partial" rulesets should all be disabled on Chromium and whatever version of FF the mixed content blocking lands in.
-
Is there a way to get a list of all the sites for which rules exists? When I have free time, I'd be willing to systematically go through the list and create new tickets for affected sites. Currently I'm just creating tickets as I encounter an issue.
Assuming I did this.. would you want a separate ticket per site, or should I "batch" them?
Would it be useful for me to learn the rule syntax, and perhaps correct them myself and provide a "patch". If so, in what format would you like it? Just a text file with the corrected rule, or an actual "patch" file?
Where does one even find the rules in Chrome??
Trac:
Username: alphawolf 
This is basically fixed now because of #9196 (moved). We identified 754 rules in the stable branch that caused mixed content errors and marked them as platform="mixedcontent", and did a Firefox update.
I just need to test a new build of the Chromium extension with these same rules and if it looks good make a new release. I believe that this release can finally be the first stable Chromium release.
Trac:
Owner: pde to micahlee
Status: new to assigned-
Over the summer Lisa Yao, our Google Summer of Code intern, helped write a bunch of code to do automatic ruleset tests to test for mixed content. Originally it was a mozilla-central mochitest, then moved into a standalone Firefox extension, and now finally it's been merged into the HTTPS Everywhere master branch.
I've updated the readme file with how to run the tests:
You can run ruleset tests by opening about:config and changing extensions.https_everywhere.show_ruleset_tests to true. Now when you open the HTTPS Everywhere context menu there will be a "Run HTTPS Everywhere Ruleset Tests" menu item.
When you run the tests, be prepared to let your computer run them for a really long time.
The tests take over your browser by opening a ton of tabs, waiting for them to load, and seeing if the Firefox MCB gets triggered. A lot more work can be done on them, and they can be used to detect a lot more than just mixed content. But that's all they do for now.
mentioned in issue #6977 (moved)
mentioned in issue #7238 (moved)
mentioned in issue #7427 (moved)
mentioned in issue #7628 (moved)
mentioned in issue #8216 (moved)
mentioned in issue #8563 (moved)
mentioned in issue #8774 (moved)
mentioned in issue #12702 (moved)