Open djcater opened 3 years ago
Good idea, especially now that Firefox is experimenting with autoupgrade as well. Maybe "mixed-no-upgrade.badssl.com" and it can include the image via http://http.badssl.com/resources/image.jpg instead (which downgrades HTTPS back to HTTP).
https://mixed.badssl.com/
In Chrome 86, the
http:
image is auto-upgraded tohttps:
(https://mixed.badssl.com/image.jpg), which works on the mixed.badssl.com subdomain as it supportshttps:
.I wanted a test case to see if an
http:
image gets blocked on anhttps:
page if the image domain doesn't supporthttps:
, therefore I can't use this page as a testcase for that.Could we have an example where the image comes from a domain which doesn't support
https:
?