I've been searching for an arcane workaround for four weeks, ever since we first realized what Safari 9 was doing.
I represent tech support for an online school. The website our students log into is secure, but some curricular material is served in a frame from a content vendor, over http. We have no control over the way the vendor serves their content. This mixture of secure and insecure content has been a problem for several years, ever since browsers started blocking mixed content automatically and quietly, without a pop-up prompt.
Fortunately, we are able to instruct students on exactly what to click on in their browsers to allow the insecure content to load.
Prior to version 9, Safari didn't block mixed content at all.
Now, suddenly it mercilessly blocks mixed content, and there seems to be no way to modify that behavior. This initially resulted in a lot of confusion, and then frustration and anger, as we now have to instruct our users that they simply can't use Safari anymore.
Tell an average Mac user that they can't use Safari and their head explodes.
I've been desperately searching for any solution for modifying this behavior in Safari 9, and I'm frankly dismayed that Apple has not even mentioned the change in behavior, much less publicly addressed any of the concerns with it.
Before anyone suggest the self-righteous but unhelpful platitude "well you should just make sure you're serving all content over https", I'll reiterate that - like Jared - some of us do not have complete control over what's being served and from where.
Yes, the Internet would be better if everything was secure; duh. As long as it isn't, then our tools need to be adaptable.
I'm also surprised that there hasn't been more discussion about this issue in general.
I found the threads on Stack Overflow too; but beyond that, and a couple threads here, the Internet-at-large is surprisingly quiet about this.