Mozilla Firefox 70 : If codeupgrade-insecure-requests/code was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https.