https://www.nytimes.com fails to render correctly in aurora, in the 
latest Chrome, and the latest IE10.

firefox and chrome are silent about the problem, which I believe is 
mixed content.  the firefox error log contains multiple reports like
Error: Blocked loading mixed active content 
"http://css.nyt.com/css/0.1/screen/build/homepage/styles.css"
Source File: https://www.nytimes.com/
Line: 0

IE10 displays a warning that insecure content has been blocked and 
offers to accept all content.  If clicked, the page re-renders 
correctly.  Chrome is silent.

I foresee trouble is this problem is common, particularly when no 
warning is given.  But I don't see the average user understanding the IE 
warning either.  Sigh.

On 05/22/2013 09:13 AM, Millwood wrote:
> https://www.nytimes.com fails to render correctly in aurora, in the
> latest Chrome, and the latest IE10.
>
> firefox and chrome are silent about the problem, which I believe is
> mixed content.  the firefox error log contains multiple reports like
> Error: Blocked loading mixed active content
> "http://css.nyt.com/css/0.1/screen/build/homepage/styles.css"
> Source File: https://www.nytimes.com/
> Line: 0
>
> IE10 displays a warning that insecure content has been blocked and
> offers to accept all content.  If clicked, the page re-renders
> correctly.  Chrome is silent.
>
> I foresee trouble is this problem is common, particularly when no
> warning is given.  But I don't see the average user understanding the IE
> warning either.  Sigh.
>

In Aurora what happens if you click on the shield icon, to the left of 
the globe icon, and select "Disable Protection on This Page" from the 
drop down?

<https://blog.mozilla.org/security/2013/05/16/mixed-content-blocking-in-firefox-aurora/>

-- 
openSUSE 12.3 (64-bit) KDE 4.10.2
Thunderbird Daily 24.0a1
I abhor GG.

On 22.05.2013 15:13, Millwood wrote:
> https://www.nytimes.com fails to render correctly in aurora, in
> the latest Chrome, and the latest IE10.
>
> firefox and chrome are silent about the problem, which I believe
> is mixed content.  the firefox error log contains multiple
> reports like
> Error: Blocked loading mixed active content
> "http://css.nyt.com/css/0.1/screen/build/homepage/styles.css"
> Source File: https://www.nytimes.com/
> Line: 0
>
> IE10 displays a warning that insecure content has been blocked
> and offers to accept all content.  If clicked, the page
> re-renders correctly.  Chrome is silent.
>
> I foresee trouble is this problem is common, particularly when no
> warning is given.  But I don't see the average user understanding
> the IE warning either.  Sigh.

WFM: Ubuntu 10.04, Firefox 20. *But* 
<http://validator.w3.org/check?uri=https%3A%2F%2Fwww.nytimes.com&charset=%28detect+automatically%29&doctype=Inline&group=0> 
says: 389 Errors, 49 warning(s) - no comment. :-(
And it contains branches depending on the browser you come. Whats 
your browser's user string?

Christoph

-- 
email:
nurfuerspam -> gmx
de -> net

On 05/22/2013 10:17 AM, Christoph Schmees wrote:
> On 22.05.2013 15:13, Millwood wrote:
>> https://www.nytimes.com fails to render correctly in aurora, in
>> the latest Chrome, and the latest IE10.
>>
>> firefox and chrome are silent about the problem, which I believe
>> is mixed content.  the firefox error log contains multiple
>> reports like
>> Error: Blocked loading mixed active content
>> "http://css.nyt.com/css/0.1/screen/build/homepage/styles.css"
>> Source File: https://www.nytimes.com/
>> Line: 0
>>
>> IE10 displays a warning that insecure content has been blocked
>> and offers to accept all content.  If clicked, the page
>> re-renders correctly.  Chrome is silent.
>>
>> I foresee trouble is this problem is common, particularly when no
>> warning is given.  But I don't see the average user understanding
>> the IE warning either.  Sigh.
>
> WFM: Ubuntu 10.04, Firefox 20. *But*
> <http://validator.w3.org/check?uri=https%3A%2F%2Fwww.nytimes.com&charset=%28detect+automatically%29&doctype=Inline&group=0>
> says: 389 Errors, 49 warning(s) - no comment. :-(
> And it contains branches depending on the browser you come. Whats
> your browser's user string?
>
> Christoph
>

Hi Christoph

Millwood is using a development build of Firefox called Aurora, 
currently version 23.0a2, with the new Mixed Content Blocking feature.

Allowing the mixed content should solve the problem.

The page looks exactly the same in my Firefox 20.0 which doesn't have 
Mixed Content Blocking, and Aurora 23.0a2 when I allow the mixed content.

Mozilla/5.0 (X11; Linux x86_64; rv:23.0) Gecko/20130522 Firefox/23.0

-- 
openSUSE 12.3 (64-bit) KDE 4.10.2
Thunderbird Release
I despise GG.

On 05/22/2013 09:13 AM, Millwood wrote:
> https://www.nytimes.com fails to render correctly in aurora, in the
> latest Chrome, and the latest IE10.
>
> firefox and chrome are silent about the problem, which I believe is
> mixed content.  the firefox error log contains multiple reports like
> Error: Blocked loading mixed active content
> "http://css.nyt.com/css/0.1/screen/build/homepage/styles.css"
> Source File: https://www.nytimes.com/
> Line: 0
>
> IE10 displays a warning that insecure content has been blocked and
> offers to accept all content.  If clicked, the page re-renders
> correctly.  Chrome is silent.
>
> I foresee trouble is this problem is common, particularly when no
> warning is given.  But I don't see the average user understanding the IE
> warning either.  Sigh.
>

Known bug.

<https://bugzilla.mozilla.org/show_bug.cgi?id=862164>



-- 
openSUSE 12.3 (64-bit) KDE 4.10.2
Thunderbird Release
I despise GG.

WaltS wrote:
> On 05/22/2013 09:13 AM, Millwood wrote:
>> https://www.nytimes.com fails to render correctly in aurora, in the
>> latest Chrome, and the latest IE10.
>>
>> firefox and chrome are silent about the problem, which I believe is
>> mixed content.  the firefox error log contains multiple reports like
>> Error: Blocked loading mixed active content
>> "http://css.nyt.com/css/0.1/screen/build/homepage/styles.css"
>> Source File: https://www.nytimes.com/
>> Line: 0
>>
>> IE10 displays a warning that insecure content has been blocked and
>> offers to accept all content.  If clicked, the page re-renders
>> correctly.  Chrome is silent.
>>
>> I foresee trouble is this problem is common, particularly when no
>> warning is given.  But I don't see the average user understanding the IE
>> warning either.  Sigh.
>>
>
> In Aurora what happens if you click on the shield icon, to the left of
> the globe icon, and select "Disable Protection on This Page" from the
> drop down?
>
> <https://blog.mozilla.org/security/2013/05/16/mixed-content-blocking-in-firefox-aurora/>
>
>
Wheels within wheels.

I have been running the Australis Redsigned Theme v 0.1.2 which I rather 
like.  But it breaks the shield mechanism - it doesn't appear.

The shield does allow the page to display.  As best I can tell, this 
setting is not remembered so you need to do it each time.  And there is 
no way my wife would ever figure out that she needed to click on the 
shield, or understand the choice if she did.  I consider her a fairly 
literate "normal" user of computers.

Thanks for educating me.

Millwood wrote:
> https://www.nytimes.com fails to render correctly in aurora, in the
> latest Chrome, and the latest IE10.
>
> firefox and chrome are silent about the problem, which I believe is
> mixed content. the firefox error log contains multiple reports like
> Error: Blocked loading mixed active content
> "http://css.nyt.com/css/0.1/screen/build/homepage/styles.css"
> Source File: https://www.nytimes.com/
> Line: 0
>
> IE10 displays a warning that insecure content has been blocked and
> offers to accept all content. If clicked, the page re-renders correctly.
> Chrome is silent.
>
> I foresee trouble is this problem is common, particularly when no
> warning is given. But I don't see the average user understanding the IE
> warning either. Sigh.
Toast in Chrome Mac
Works Like Charm in Aurora
Toast in Maxthon
Works In Safari
Works In Opera and Opera next
Works In OmniWeb
Works In FireFox21.5 beta
Works Perfect in iCab
Apparently Maxthon is a Cross between Chrome and FireFox. Looks Like it 
hates Chromes version of Javascript or CSS.  I can't Vouch for IE I use 
a Mac It would surprise me If IE did work The still Flaunt Standards and 
their own way.


-- 
Phillip M. Jones, C.E.T.      "If it's Fixed, Don't Break it"
http://www.phillipmjones.net    mailto:pjonescet@comcast.net

In message <v9SdnUJ9f-buRgHMnZ2dnUVZ_tOdnZ2d@mozilla.org>, WaltS 
<wls15202@REMOVEyahoo.com> writes:
[]
>Allowing the mixed content should solve the problem.
>
>The page looks exactly the same in my Firefox 20.0 which doesn't have 
>Mixed Content Blocking, and Aurora 23.0a2 when I allow the mixed 
>content.
[]
What is "mixed content" (and why might one want to block it 
specifically)?
-- 
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

"The people here are more educated and intelligent. Even stupid people in
Britain are smarter than Americans." Madonna, in RT 30 June-6July 2001 (page
32)

On 05/23/2013 02:05 AM, J. P. Gilliver (John) wrote:
> In message <v9SdnUJ9f-buRgHMnZ2dnUVZ_tOdnZ2d@mozilla.org>, WaltS
> <wls15202@REMOVEyahoo.com> writes:
> []
>> Allowing the mixed content should solve the problem.
>>
>> The page looks exactly the same in my Firefox 20.0 which doesn't have
>> Mixed Content Blocking, and Aurora 23.0a2 when I allow the mixed
>> content.
> []
> What is "mixed content" (and why might one want to block it
> specifically)?
>

That was explained in this link I provided in my first reply to Millwood.

<https://blog.mozilla.org/security/2013/05/16/mixed-content-blocking-in-firefox-aurora/>

"When an HTTPS page contains HTTP resources, the HTTP resources are 
called Mixed Content."

Read the whole post for a better understanding.

-- 
openSUSE 12.3 (64-bit) KDE 4.10.2
Thunderbird Release
I despise GG.

WaltS wrote:
> On 05/23/2013 02:05 AM, J. P. Gilliver (John) wrote:
>> In message <v9SdnUJ9f-buRgHMnZ2dnUVZ_tOdnZ2d@mozilla.org>, WaltS
>> <wls15202@REMOVEyahoo.com> writes:
>> []
>>> Allowing the mixed content should solve the problem.
>>>
>>> The page looks exactly the same in my Firefox 20.0 which doesn't have
>>> Mixed Content Blocking, and Aurora 23.0a2 when I allow the mixed
>>> content.
>> []
>> What is "mixed content" (and why might one want to block it
>> specifically)?
>>
>
> That was explained in this link I provided in my first reply to Millwood.
>
> <https://blog.mozilla.org/security/2013/05/16/mixed-content-blocking-in-firefox-aurora/>
>
>
> "When an HTTPS page contains HTTP resources, the HTTP resources are
> called Mixed Content."
>
> Read the whole post for a better understanding.
>
IMHO, this is going to be incomprehensible for the average user.  As 
such, I urge firefox to take an "under the radar" approach.  Only block 
stuff blocked by both IE and Chrome, so any site firefox breaks is 
broken everywhere!  (https://www.nytimes.com is broken everywhere).

On 05/23/2013 09:15 AM, Millwood wrote:
> WaltS wrote:
>> On 05/23/2013 02:05 AM, J. P. Gilliver (John) wrote:
>>> In message <v9SdnUJ9f-buRgHMnZ2dnUVZ_tOdnZ2d@mozilla.org>, WaltS
>>> <wls15202@REMOVEyahoo.com> writes:
>>> []
>>>> Allowing the mixed content should solve the problem.
>>>>
>>>> The page looks exactly the same in my Firefox 20.0 which doesn't have
>>>> Mixed Content Blocking, and Aurora 23.0a2 when I allow the mixed
>>>> content.
>>> []
>>> What is "mixed content" (and why might one want to block it
>>> specifically)?
>>>
>>
>> That was explained in this link I provided in my first reply to Millwood.
>>
>> <https://blog.mozilla.org/security/2013/05/16/mixed-content-blocking-in-firefox-aurora/>
>>
>>
>> "When an HTTPS page contains HTTP resources, the HTTP resources are
>> called Mixed Content."
>>
>> Read the whole post for a better understanding.
>>
> IMHO, this is going to be incomprehensible for the average user.  As
> such, I urge firefox to take an "under the radar" approach.  Only block
> stuff blocked by both IE and Chrome, so any site firefox breaks is
> broken everywhere!  (https://www.nytimes.com is broken everywhere).
>

IMHO, average (all) users should read release notes, review menus and 
preferences for changes with each update.

It is a known Firefox bug as I pointed out in another post in this thread.

The <http://www.nytimes.com/> version loads just fine.

My belief is that once a user disables protection on a mixed content 
page the user won't see the shield again, but I can not confirm that 
because I never run into any mixed content pages in my daily routine.

It will be a major PITA to have to activate the shield, and disable 
protection on every visit.

I will continue testing bookmarked sites that are not a part of my daily 
routine.

-- 
openSUSE 12.3 (64-bit) KDE 4.10.2
Thunderbird Daily 24.0a1
I abhor GG.

In message <dpOdnWPH4dVdYgDMnZ2dnUVZ_t-dnZ2d@mozilla.org>, WaltS 
<wls15202@REMOVEyahoo.com> writes:
>On 05/23/2013 02:05 AM, J. P. Gilliver (John) wrote:
>> In message <v9SdnUJ9f-buRgHMnZ2dnUVZ_tOdnZ2d@mozilla.org>, WaltS
>> <wls15202@REMOVEyahoo.com> writes:
>> []
>>> Allowing the mixed content should solve the problem.
>>>
>>> The page looks exactly the same in my Firefox 20.0 which doesn't have
>>> Mixed Content Blocking, and Aurora 23.0a2 when I allow the mixed
>>> content.
>> []
>> What is "mixed content" (and why might one want to block it
>> specifically)?
>>
>
>That was explained in this link I provided in my first reply to Millwood.
>
><https://blog.mozilla.org/security/2013/05/16/mixed-content-blocking-in-
>firefox-aurora/>
>
>"When an HTTPS page contains HTTP resources, the HTTP resources are 
>called Mixed Content."
[]
Thanks. (I don't always follow posted links, especially to blogs.)

I think a better term would be mixed-security content (or even
Mixed-Security Content if we must), but I guess we're stuck with
"Mixed Content" now.
-- 
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

"Bother," said Pooh, as he fell off the bridge with his stick.