Firefox 23 added a new feature that automatically blocks mixed content. Mixed content comes into play when browsing secure websites. (i.e. websites with “https”), when the webpage doesn’t serve everything on the https protocol but serves some images on http.
Normally, this isn’t really the big issue. However, if you are concerned about security and especially tracking, then you might want to prevent this happening. Firefox understands that and automatically blocks mixed content. When browsing a secure website displaying mixed content, you might view something like this: “Firefox has blocked content that isn’t secure”.
As you note in the URL, browsing WordPress.org is likely to throw up this warning. This is because Firefox automatically blocks all active content like scripts that aren’t also served on the https protocol.
Hitting “Disable Protection on This Page” will fix it for the particular page. However, it won’t respect this on other sites. If you’re like me, this isn’t a helpful feature but rather a pain! And, you’ll want to disable this.
Here’s how you do it.
Firefox has two parameters that control the blocking of content. These are:
- security.mixed_content.block_active_content (default is true)
- security.mixed_content.block_display_content (default is false)
These default settings will block scripts but not images, which means you’ll still be able to see most pages normally. If you want to change any of these settings, just open up a new tab and hit “about:config“. Once you click through the warning, you’ll be presented with the entire list of parameters that control Firefox.
Simply search for “mixed_content” and you’ll see the above two parameters.
In order to toggle the settings just double-click “block_active_content”.
You’ll note that the Status will change to “user set”. Reload the page again and you’ll notice that the scripts aren’t blocked anymore.
Know any good Firefox tip? Comment below and tell us about it.