Mixed content popup on every page because of metaverse image

A GET request is sent to the images CDN over the http protocol, causing a mixed content popup on every page I visit.

<a class="text-nav menu-item" href="https://www.roblox.com/sponsored/MetaverseChampions" title="MetaverseChampions">
    <img src="http://images.rbxcdn.com/aceb6b45ec34402567757ef999eae572" alt="">
</a>

I’m using Firefox 88.0.

The CDN should also be redirecting requests to https and setting an sts header.

15 Likes

Just noticed all the CDNs for place files, images, etc. are configured the same.

They should either be upgrading requests to https:// and setting an sts header in the response so the browser knows to use https until the expiration, or rejecting requests not using the https protocol entirely.

Not directly related to the mixed content popup, but it’s similar enough to be worth mentioning here.

2 Likes
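
The transport policy proposed in the post above (upgrade http to https and set an STS header, or reject plain http), written as a check over response metadata. This is an added example, not part of the original thread: the function names and the sample responses are hypothetical and constructed, and treating a refused connection or any 4xx/5xx status as "rejecting" is an assumption.

```javascript
// Added illustration; function names and sample responses are hypothetical.

// Case-insensitive header lookup on a { status, headers } object.
function header(resp, name) {
  const headers = (resp && resp.headers) || {};
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name);
  return key === undefined ? undefined : headers[key];
}

// Extract max-age (seconds) from a Strict-Transport-Security value, or null.
function hstsMaxAge(value) {
  if (typeof value !== "string") return null;
  for (const part of value.split(";")) {
    const [name, raw = ""] = part.trim().split("=");
    const v = raw.trim().replace(/^"|"$/g, "");
    if (name.trim().toLowerCase() === "max-age" && /^\d+$/.test(v)) return Number(v);
  }
  return null;
}

// httpResp: response to the plain-http request, or null if the connection was refused.
// httpsResp: response to the same URL requested over https.
function auditCdnTransport(httpResp, httpsResp) {
  const findings = [];
  const status = httpResp ? httpResp.status : null;
  const location = header(httpResp, "location") || "";
  const upgrades = [301, 302, 307, 308].includes(status) && /^https:\/\//i.test(location);
  const rejects = status === null || status >= 400; // assumption: any error counts as rejection
  if (!upgrades && !rejects) findings.push("content-served-over-http");
  // Browsers ignore STS received over plain http (RFC 6797), so only the https response is checked.
  const maxAge = hstsMaxAge(header(httpsResp, "strict-transport-security"));
  if (maxAge === null) findings.push("hsts-missing");
  else if (maxAge === 0) findings.push("hsts-max-age-zero"); // max-age=0 clears the stored policy
  return findings;
}

// Constructed samples, not captured from any real CDN.
const servesOverHttp = {
  http: { status: 200, headers: { "Content-Type": "image/png" } },
  https: { status: 200, headers: { "Content-Type": "image/png" } },
};
const upgraded = {
  http: { status: 301, headers: { Location: "https://cdn.example/img" } },
  https: { status: 200, headers: { "Strict-Transport-Security": "max-age=31536000" } },
};

console.log(auditCdnTransport(servesOverHttp.http, servesOverHttp.https));
console.log(auditCdnTransport(upgraded.http, upgraded.https));
```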

Thanks for the report! We’ve filed a ticket to our internal database and we’ll follow up when we have an update for you.

2 Likes

Hi @gigagiele.

The first part has been resolved: the mixed content popup is gone and the image is loaded over https://.

Is the second part, for the http → https upgrade and STS header, part of this ticket, or was it logged under a different ticket in Jira?

1 Like