[uxp]

> [Warning] [blocked] The page at https://wybiral.github.io/localtoast/ was not allowed to display insecure content from http://127.0.0.1/. (index.js, line 172)

You sure about your claims? Your own website exhibits a countering argument.

[bradyd]

That page worked in Firefox, Chrome, and Edge for me with only warnings in the console.

Chrome v75.0.3770.100: "Mixed Content: The page at 'https://wybiral.github.io/localtoast/' was loaded over HTTPS, but requested an insecure image 'http://192.168.1.254/images/att_globe_logo.png'. This content should also be served over HTTPS."

Firefox v69.0b4: "Loading mixed (insecure) display content “http://fritz.box/css/rd/images/fritzLogo.svg” on a secure page"

Edge v44.18362.1.0: "SEC7137: [Mixed-Content] The origin 'https://wybiral.github.io' was loaded in a secure context and loaded an optionally blockable insecure image resource at 'http://fritz.box/css/rd/images/fritzLogo.svg'."

[wybiral]

The image requests only work because of mixed-content where browsers allow a TLS page to include non-TLS assets. Those are ones outside of localhost.

For localhost-only you don't get those warnings because browsers treat localhost as TLS even if it's not, such as this: https://github.com/wybiral/wtf

[wybiral]

On what browser? Works fine with Chrome and Firefox for me.

It also works in Brave Browser even when in "Tor mode" (which seems very wrong).

[to11mtm]

Some items show up as blocked for me,

But it was able to successfully ping my running Steam Client. The page works like an acid test; if it's clean, you're clean. If it finds something, it says what and the port.

[wybiral]

Real fun times is the fact that -on Linux machines- something like this will cause Steam to freeze and even crash certain games just by visiting the page: https://wybiral.github.io/steam-block/

Doesn't seem to affect Windows version though.