Firefox中的混合内容阻止行为 [英] Mixed content blocking behavior in Firefox
问题描述
有人可以指导我吗? 当然,除了在你自己的浏览器中。
即:你的rails应用程序不能关闭浏览器中的混合内容阻塞。
这是一个偏好只有一个(熟练)的用户可能会在她的浏览器中改变。但是不应该在Firesheep等年龄段。
相反,您应该通过https 使所有活动内容可用。 b
$ b
或者降级为不安全HTTP。既然你基本上想要允许中间人攻击,因为这就是混合内容的含义,首先使用http的结果不会有太大的不同。唯一的区别是,MITM可以保持在只有http的被动中,而不必在https混合模式下主动修改数据。但是,严重的是,你的用户中有多少比例能够识别出一个活跃的MITM,他们甚至可能只进行一次小型的有针对性的攻击呢?
In Firefox version 23, mixed content blocking behavior is added.It means that Firefox has blocked content that is insecure on the page you're visiting.It shows the shield icon in the address bar which blocks some uploads in my app.From development side how to turn off this behavior?? .I am in ruby on rails development.
Can anybody guide me??
You cannot turn this off remotely! Except in your own browser, of course.
That is: Your rails application cannot turn off mixed-content blocking in the browser.
This is a preference only a (skilled) user may change in her browser... But shouldn't in the age of Firesheep, etc.
Instead, you should make all your active content available via https.
Or downgrade to insecure http. Since you're essentially wanting to allow Man-In-The-Middle attacks anyway, because that's what mixed-content means, the result of using http in the first place wouldn't be that much different. The only difference would be that a MITM could stay passive in http-only, instead of having to actively modify data in https-mixed-mode. But, seriously, what percentage of your users would recognize an active MITM, who maybe even only runs a small targeted attack?
这篇关于Firefox中的混合内容阻止行为的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!