[X] My Assistant

Since this happened to me after a regular Firefox nightly update I expect many more reports soon...

Report it to Mozilla if anywhere.

Chrome might get the same experiment, if Mozilla's "succeeds", though. Might want to plan ahead on how to make H@H work with HTTPS.

Might want to plan ahead on how to make H@H work with HTTPS.

I have a plan, but a) it's pointless security theater, b) it's busywork I'd rather spend on something worth-while, c) it will require additional (and more fragile) DNS infrastructure, and d) it will add significant additional delay for downloading every single image, both for the DNS lookup and TLS handshake.

If Firefox does push something like this by themselves, all Firefox users will get a nice fat "Firefox is not supported, get a non-retarded browser" message, but obviously, if Chrome does it as well, we will have to. And it will suck. Which is why you should tell Mozilla to cut it the fuck out.

I have a plan, but a) it's pointless security theater, (IMG:[invalid] style_emoticons/default/cool.gif) it's pointless busywork, c) it will require additional (and more fragile) DNS infrastructure, and d) it will add significant additional delay for downloading every single image, both for the DNS lookup and TLS handshake.

If Firefox does push something like this by themselves, all Firefox users will get a nice fat "Firefox is not supported, get a non-retarded browser" message, but obviously, if Chrome does it as well, we will have to. And it will suck. Which is why you should tell Mozilla to cut it the fuck out.

And if Firefox users just stop upgrading their browers to every last releashit ?

I have FF three years old now, and I'm still happy with it (don't run H@H thou', bandwidth on mobile is pretty shitty here).

And what about Opera users ? (I have & use it too, thou' FF is still my favorite).

And if Firefox users just stop upgrading their browers to every last releashit ?

It's generally not recommended, as most releases include a fix for some sort of severe security vulnerability, but technically-minded users would be able to turn off this "feature", and you would be able to use the ESR (extended support release) for a year or two as well.

And what about Opera users ? (I have & use it too, thou' FF is still my favorite).

Recent versions of Opera is basically an UI on top of Blink (the Chrome rendering engine), so presumably they will do whatever Chrome ends up doing.

Asking for countries with strict laws:
Is there a way to make hentaiverse-game as subdomain for e-hentai with https? If I know correct, https makes it so only first level domain is visible for providers, but no other. So if country try to say "you visited e-hentai" as a prove, you can say "I just played a game"? (IMG:[invalid] style_emoticons/default/smile.gif)
p.s I didn't know where to ask it. Thread seems eligible for this.

Is there a way to make hentaiverse-game as subdomain for e-hentai with https? If I know correct, https makes it so only first level domain is visible for providers, but no other. So if country try to say "you visited e-hentai" as a prove, you can say "I just played a game"? (IMG:[invalid] style_emoticons/default/smile.gif)

No part of the hostname is revealed in plaintext when using HTTPS, but the DNS lookup would be unless you do some trickery on your end. So this would not actually do what you think it does.

No part of the hostname is revealed in plaintext when using HTTPS, but the DNS lookup would be unless you do some trickery on your end. So this would not actually do what you think it does.

Forgot about that (IMG:[invalid] style_emoticons/default/sad.gif) So there is no way make it looks like requests goes to ip of e-hentai, while actually goes to hentaiverse if looking on it from internet provider side? Feels like simple redirecting on server side will be the same as host both sides on one agent which is nah.

This is probably an issue with Firefox Nightly where it will forcefully upgrade HTTP passive mixed content to HTTPS and doesn't fallback if it fails.
Change security.mixed_content.upgrade_display_content to false in about:config meanwhile.

Probably worth noting that this pref was turned off again in [bugzilla.mozilla.org] bug 1435733, and was Nightly-only before that. So right now this is just something they're experimenting with, and it looks like it broke a lot of other stuff too.

No part of the hostname is revealed in plaintext when using HTTPS, but the DNS lookup would be unless you do some trickery on your end. So this would not actually do what you think it does.

Though modern browsers support SNI and always send it in ClientHello unencrypted, for everyone who bother to look, even in TLS 1.3 drafts.

If I know correct, https makes it so only first level domain is visible for providers, but no other. So if country try to say "you visited e-hentai" as a prove, you can say "I just played a game"? (IMG:[invalid] style_emoticons/default/smile.gif)

No, any-level domain is visible. What is not visible in HTTPS is a path&arguments after domain (i.e. index.php?showtopic=201800&st=260 in this page) and transmissed data. Your provider can tell that you opened forums.e-hentai.org, and same would be with hentaiverse.e-hentai.org.
The thing that you want is having hentaiverse under e-hentai.org/hentaiverse/. But I doubt Tenboro will do this. I won't list technical things because first of all: nobody can guarantee that in problematic countries you won't go in jail just for visiting front page of this forum.

I'm sure the simplest answer is "use a different browser," but does anyone have suggestions on how to get galleries working with Firefox Quantum 59? The setting mentioned above (security.mixed_content.upgrade_display_content) isn't listed in about:config. Instead there's...

security.mixed_content.block_active_content
security.mixed_content.block_display_content
security.mixed_content.block_object_subrequest

I've tried various combinations of true and false for these settings, but gallery images still fail to load.

Mozilla has a [support.mozilla.org] page on this as well, but the button to disable protection that it talks about doesn't appear.

Pretty sure you can just add that setting in about:config manually.

This post has been edited by Maximum_Joe: Mar 20 2018, 18:14

I'm sure the simplest answer is "use a different browser," but does anyone have suggestions on how to get galleries working with Firefox Quantum 59?

There shouldn't be any issues with Firefox 59 even with default settings. Most likely your problem lies elsewhere.

OK! I disabled every add-on, saw that galleries were working, and gradually re-enabled them until I found the culprit was Ghostery. Since it wasn't picking up any trackers, I hadn't thought it would be affecting the site.

Thanks for the advice (and for tolerating my ignorance). (IMG:[invalid] style_emoticons/default/blush.gif)