Cómo arreglar un sitio web con Contenido Mixto bloqueado

by 1 contributor:

A partir de la versión 23 de Firefox , Firefox bloquea el Contenido Mixto Activo por defecto. Este comportamiento sigue una práctica adoptada por Internet Explorer (desde la versión 9) y Chrome.

En esta página se explica qué debes tener en cuenta como un desarrollador web.

Your website may break

If your website delivers HTTPS pages, all active mixed content delivered via HTTP on this pages will be blocked by default. Consequently, your website may appear broken to users (if iframes or plugins don't load, etc.). Passive mixed content is displayed by default, but users can set a preference to block this type of content, as well.

Note that since mixed content blocking already happens in Chrome and Internet Explorer, it is very likely that if your website works in both of these browsers, it will work equally well in Firefox with mixed content blocking.

In any case, the best way to know if something is broken in Firefox is to download the latest Aurora, open different pages on your website with the web console open (enable the "Security" messages) and see if anything related to mixed content is reported. If nothing is said about mixed content, your website is in good shape: Keep making excellent websites!

How to fix your website

The best strategy to avoid mixed content blocking is to serve all the content as HTTPS instead of HTTP.

For your own domain, serve all content as HTTPS and fix your links.  Often, the HTTPS version of the content already exists and this just requires adding an "s" to links - http:// to https://.

For other domains, use the site's HTTPS version if available. If HTTPS is not available, you can try contacting the domain and asking them if they can make the content available via HTTPS.

If you share source code between the SSL and non-SSL versions of your website, you can use protocol relative links.

<script src="//example.com/script.js" type="text/javascript"></script>

This way, you can leave the scheme out entirely and rely on the browser to use the protocol of the embedding webpage.  If your user is visiting the HTTP version of your webpage, the script will be loaded over http:// and if your user is visiting the HTTPS version of your webite, the script will be loaded over https://.

Etiquetas y colaboradores del documento

Contributors to this page: miguelon
Última actualización por: miguelon,