The setting is not shown in the preferences menu for a reason. A dodgy website serving malicious content from a HTTPS server is of course no safer than a HTTP server doing the same. But what isn’t always obvious is that most websites serve data loaded from many hosts to display a single webpage. One webpage could could consist of calls to five adservers, to analytical tracking servers and the server that delivers the actual content displayed on the webpage. There can be literally dozens of servers used to display one page on a large popular website.
The basic idea in not allowing mixed content is that unsafe HTTP code could be used to change the HTTPS code which would render HTTPS security useless.
The basic Mozilla explanation of mixed content can be found here.
Many thanks for that… I just knew it was really obvious 
Incidentally I wonder what the real danger is in blocking mixed content. The danger which a website poses is that it can serve you something dodgy. But HTTPS gives you no protection from that. If you want to build a website which serves malware, you just buy a certificate! You can even get a free HTTPS certificate from e.g. Start SSL. These certificate vendors are supposed to verify your identity but, ahem, shall we say, hmmmm… and how would I possibly know this?…. they don’t! Anybody can knock up an HTTPS website.
You can disable the default blocking of mixed HTTP and HTTPS content in Firefox by typing about:config in the address bar:
To permanently disable for all websites:
1. In the address bar, type “about:config” and press Enter.
2. Click the “I’ll be careful, I promise!” button.
3. In the search field, type “block_active”.
4. Set the value for the one search result (“security.mixed_content.block_active_content”) to “false”.
I won’t be doing this myself though as it might be fine for EuroGA but not for every website.
Not working for me, Diigo on an iPad 3
That did indeed work. I can see both of my videos.
Il give it a try
and
Chrome on my Android 4.2.2 phone: https invisible, http visible.
The solution to this is not including the protocol in the code. So instead of:
https://www.youtube.com/watch?v=d81TNNZBeRU
one uses:
//www.youtube.com/watch?v=d81TNNZBeRU
Modern browsers will then use the same protocol as is being used for the page.
I’ve updated the button on the toolbar so that when you paste in a video (with a protocol) it renders the embed code without it.
Is there anybody who cannot see the video(s) when they are definitely browsing EuroGA using HTTP i.e. going to http://euroga.org ?
I think there may be more than one issue here, but probably in all cases it is caused by a browser silently blocking mixed (HTTP and HTTPS) content. One explanation is here.
I can’t find where the config for this blocking is in Firefox or Chrome (does anybody know? – I’ve done a lot of googling and found no simple solution) but a fresh installation of Chrome which I never changed shows the videos OK if I use HTTP (the default you get if you simply go to euroga.org), but it does not show them if I use HTTPS.
But I can’t see any reason for using HTTPS to go to EuroGA. Who cares if the NSA or the GCHQ can see your browsing? At work, if your boss is monitoring your internet activity he will still see you accessing the euroga.org domain name…
Also this issue has come up only very recently…
That makes no difference for me on my phone
That is weird. What is the exact URL being used?
Can see with Safari 6.2 on MacOS 10.8.5.
