Comment on DeviantArt Is Switching To HTTPS by danlev

The link to candyhippy.com in Candy's latest deviation, for instance:

Also the similar link in their deviantID widget.

Similarly, outgoing link to a smbhax.com page in my latest deviation:

and smbhax.com link in my deviantID. Oh, and in my comment signature. : o Also noticed it with a link in my blog widget, before I removed that widget.

I had contacted your support about this, and although they seemed a little confused, they sort of suggested it was a browser's "warning" about redirecting to an insecure site. It isn't--it's actually a Firefox bug; it doesn't happen in Chrome or Edge, and only happens in Firefox if the link is clicked directly, rather than copied and pasted. I made a Mozilla Support Forum thread about it

and a knowledgeable user there found a somewhat old Bugzilla entry about the underlying bug in Firefox that causes it to happen, and added a note to it that it is affecting outgoing links on dA:

"CSP upgrade insecure requests follow through to new (insecured) domains"

Hopefully they'll get it fixed at some point. = o