Loading FTP resources within web page is no longer allowed

Published: | Categories: DOM, Privacy & Security

Description

Firefox 61 and later will block HTTP(S) pages from loading resources from FTP servers. This security measure typically affects <img>, <script> and <iframe> elements with src="ftp://...". Those FTP resources can still be loaded if opened directly within the browser or any FTP page, and links to FTP servers are also not blocked. Given that Google Chrome has already made the change with the version 59 shipped in June 2017, the compatibility risk should be low.

The FTP support in Firefox might be deprecated in the future because of the insecurity, but there’s no concrete schedule at this time.

References