Firefox 65.0-1 - Parts of this page are not secure (images) [FALSE POSITIVE]

forum
firefox

#1

The manjaro forum obviously has some images stored on a server using http rather than https because Firefox is now flagging this up with a warning symbol and message to say the site is not secure. this is clearly not a major issue right now but if Firefox as well as Google start blocking access to insecure pages (which is increasingly happening with Google Chrome already) then there could be a problem in the future with this.

I’m not on about a thread with externally hosted images posted by users. This appears on the top level of the forum itself https://forum.manjaro.org/


#2

Not for me…
manjaro-forum

But it will show that, when you have watched topics, that has insecure images, like user submitted picture links.


#3

you can hit the i in a circle in the address bar to go to page info and use the media tab to see the addresses of all the images loaded.


#4

It’s gone now for me too so may have been a false positive or issue with the Let’s Encrypt service used to verify pages :man_shrugging:

Like I posted, I had not opened any topics yet strit.


#5

If this happens again, open Page Info and check which media is being served over HTTP:


#6

If it does I’ll certainly let you know which file(s) but I reckon it was a verification service issue and not something on the forum since it corrected itself so quickly. Correct me if I’m wrong but none of the images that appear on the forum front page are sourced externally, they’re all on the server accessed via https://forum.manjaro.org aren’t they? Even user avatars (if you change to latest posts from categories) which would be the only items not in the site’s style sheets. That’s what it shows currently anyhow.


#7

Correct.

You “shouldn’t” see a mixed-content warning on the forum.


#8

#goatheard :laughing:

Theoretical - if a user links an image from a http source the mixed source issue could arise.


#9

yeah, I can understand that happening in an actual thread where people are posting images to share or for assistance with problems but not the top level of the forum itself. That’s why I flagged this up yesterday. Thankfully though it does appear to have been an anomaly caused by the verifying service.


#10

There is one other thing - when the title in the tab shows a number of new posts or replies - this function uses printing to the canvas which can cause alerts about canvas fingerprinting though that should not be the case according to our #goatherd


#11