From fee888ad1547e70e371cf1a81378c013539815ca Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Fri, 18 Nov 2022 19:26:18 +0000
Subject: [PATCH] make 1241 inactive

this is redundant with HoM which as the name says is secure ONLY, including sub-resources
---
 user.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/user.js b/user.js
index aba713b..6edfef3 100644
--- a/user.js
+++ b/user.js
@@ -491,8 +491,8 @@ user_pref("security.remote_settings.crlite_filters.enabled", true);
 user_pref("security.pki.crlite_mode", 2);
 
 /** MIXED CONTENT ***/
-/* 1241: disable insecure passive content (such as images) on https pages [SETUP-WEB] ***/
-user_pref("security.mixed_content.block_display_content", true);
+/* 1241: disable insecure passive content (such as images) on https pages ***/
+   // user_pref("security.mixed_content.block_display_content", true); // Defense-in-depth (see 1244)
 /* 1244: enable HTTPS-Only mode in all windows [FF76+]
  * When the top-level is HTTPS, insecure subresources are also upgraded (silent fail)
  * [SETTING] to add site exceptions: Padlock>HTTPS-Only mode>On (after "Continue to HTTP Site")