• towerful@programming.dev
    link
    fedilink
    arrow-up
    4
    ·
    1 year ago

    I think I phrased it wrong, or there is a confusion with terms.
    If a page is loaded with HTTPS, then images/CSS/JS/iFrames (resources) will not load over HTTP. The resources also have to be served via HTTPS.
    If a page is loaded over HTTP, then resources (images/CSS/JS/iFrames) can be loaded over HTTPS.

    My objection was to the “even if a server has HTTPS, some resources will still load over HTTP”

    • Chobbes@lemmy.world
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      As far as I know, this is not strictly true either. I believe most browsers currently block mixed active content like JavaScript or iframes, but will happily load images and such over HTTP (although I would not be surprised if this is changing).