badssl.com icon indicating copy to clipboard operation
badssl.com copied to clipboard

mixed.badssl.com: Don't redirect image to HTTPS.

Open lgarron opened this issue 9 years ago • 4 comments

Chrome treats it as mixed content if any HTTP URL was touched, but it might be more useful for testing other clients if we actually received the content over HTTP.

lgarron avatar Jul 06 '15 20:07 lgarron

Yes, that's true... mixedbaddsslredirect

rugk avatar Oct 20 '15 14:10 rugk

Can't this just be solved by editing/removing this line which explicitly specifies the (unwanted) redirect?

rugk avatar Oct 22 '15 23:10 rugk

Yes, but I want http://mixed.badssl.com to redirect to HTTPS. My preferred solution would be a few more lines, where we serve only the image in question from HTTP (and also redirect the image from HTTPS to HTTP, just to be sure).

lgarron avatar Oct 23 '15 00:10 lgarron

I ran into this as Chrome now upgrades media (as per Mixed Content Level 2), but the behavior of https://mixed.badssl.com/ doesn't allow observing what Chrome would do in case of failure to obtain the image over HTTPS.

annevk avatar May 10 '21 14:05 annevk