badssl.com
badssl.com copied to clipboard
mixed.badssl.com: Don't redirect image to HTTPS.
Chrome treats it as mixed content if any HTTP URL was touched, but it might be more useful for testing other clients if we actually received the content over HTTP.
Yes, that's true...
Can't this just be solved by editing/removing this line which explicitly specifies the (unwanted) redirect?
Yes, but I want http://mixed.badssl.com to redirect to HTTPS. My preferred solution would be a few more lines, where we serve only the image in question from HTTP (and also redirect the image from HTTPS to HTTP, just to be sure).
I ran into this as Chrome now upgrades media (as per Mixed Content Level 2), but the behavior of https://mixed.badssl.com/ doesn't allow observing what Chrome would do in case of failure to obtain the image over HTTPS.