tracking: insecure downloads

[Thorin-Oakenpants]

Add this active true when ready

[META?] 1654777

dom.block_download_insecure [FF80+]

• FF82+ 1656296 add indicator
• FF84+ 1660969 ship panel/button to manually confirm/override block
• 1662138 "save link as..." on mixed content downloads is silently blocked
• WONTFIX 1654780 drag and drop bypass

note: telemetry says about 10% of downloads initiated from secure sites are insecure

---

Status

• FF92+ Early Beta 1723783

  • In other words, we see that 98.5% of downloads rely on https these days (at least in Nightly).

• FF93+ Ride the train 1685479
  • as of Aug 13th 2021

---

Closing

It will happen when it happens

• telemetry shows we're down to 1.5% (from 10%)
• just been extended from nightly to early beta
• HoM upgrades resources - see 1685479#c3

  • but you could enable https-only mode which upgrades all resources to https

  • maybe that will help in some cases, IDK
• I tried to replicate 1654780 (drag n drop bypasses), which was closed as WONTFIX, with HoM on windows + no-deelevate. Using the site listed in the bugzilla ... the 5mb test zip, dragging the icon saves me a png, dragging a port link saves me a link ¯\_(ツ)_/¯ .. clicking the links ended up with errors

[Thorin-Oakenpants]

closing, see OP