Allowing Mixed Active Content in Firefox 23+
August 13, 2013
Posted by on
So you upgraded your browser to Firefox 23 and suddenly the iframes in your Wiki page no longer display! You click Tools -> Web Developer -> Error Console and you see the message “blocked loading mixed active content”.
What’s happened? Mozilla (and, it seems, Microsoft) have stopped visitors to HTTPS sites from including an iframe that has a non-HTTPS (i.e. ordinary HTTP) URL. This is supposedly a “security feature” in that this reduces the risk of man-in-the-middle attacks (you expected your site to be secure yet portions of the site are not secure if iframes are making HTTP requests).
As a developer all that static content you thought you were so smartly serving from a fast HTTP server will now need a computationally expensive SSL proxy in front of it.
This is not generally recommended as Mozilla have made this change for a reason. However you can permanently fix this.
As a client you just want to be able to view your website’s iframe again. So here’s how:
- navigate to about:config
- search for security.mixed_content.block_active_content
You will see the URL bar change, so click on the security icon indicating the presence of mixed content.
Click on the circled security icon in the URL bar
Then select “Disable Protection on This Page”.
Change the “Keep Blocking” option
Done. See the Mozilla security blog article about this topic for more information.