Firefox will block insecure downloads soon by default (Firefox 92)


Level 37
Thread author
Top poster
Nov 10, 2017
Mozilla's Firefox web browser will block the download of insecure files soon in mixed content environments.

Mixed content refers to sites using secure connections and insecure connections. Imagine the following scenario: you visit a secure site that is using HTTPS and start a download by clicking on a link. The linked resource is not on a HTTPS resource, but on a HTTP resource; this is what mixed content in the context of downloads refer to.

Files that are transferred via insecure connections may be tampered with, for instance by other actors on a network.

Firefox will block insecure downloads that originated from HTTPS sites soon, likely in Firefox 92, which will be released on September 7, 2021.

Firefox won't download the file in this case automatically; the browser displays a warning in the download panel -- File not downloaded. Potential security risk -- with a red exclamation mark icon.

The screenshots and about:config (how to disable it)