What's with: "Do you want to view only webpage content that was securely delivered"?

Discussion in 'HTML & Website Design' started by chrisj, Dec 4, 2013.

0
  1. #1
    What's with: "Do you want to view only the webpage content that was securely delivered?" dialog box, that goes on to say:
    "This web page contains content that will not be delivered using a secure https connection, which could compromise security for the entire webpage".

    I have a valid SSL, yet when the webpage is viewed, with https at the beginning of the url, images are missing, etc., but when viewed, with http at the beginning of the url, the page looks as it was designed to look.

    What's the remedy?
     
    chrisj, Dec 4, 2013 IP
  2. deathshadow

    deathshadow Acclaimed Member

    Messages:
    9,732
    Likes Received:
    1,999
    Best Answers:
    253
    Trophy Points:
    515
    #2
    Apparently, the universe doesn't like your peas mixed with it's porridge -- R. Lutece

    Which in this case means that if you are going to serve ANYTHING as HTTPS, you have to serve ALL of it as HTTPS -- you cannot mix and match. That error comes up when a https page has http content -- you can't do that. EVER. HTTP content has no security, compromising any page it's on when it comes to SSL.

    The remedy is to make sure that EVERYTHING you link to on the page -- images, css, scripts, videos, audio, etc, is served from the SAME server via https. Once you go HTTPS you can't have ANYTHING on the page that's http or even served by a different server and expect it to be secure! EVER! ... hence the warning.

    Though you can fake it by making it LOOK like it's all coming from the same domain...
     
    deathshadow, Dec 4, 2013 IP
  3. chrisj

    chrisj Well-Known Member

    Messages:
    606
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    101
    #3
    Thanks for your reply.
    At the top of the web page script page shows this:

    
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <title></title>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/>
    Code (markup):
    Should these http references (above) be modified? I ask that because you stated "you can't have ANYTHING on the page that's http..."

    If this code needs to be changed, can you tell me how, please?
    Thanks
     
    chrisj, Dec 5, 2013 IP
  4. deathshadow

    deathshadow Acclaimed Member

    Messages:
    9,732
    Likes Received:
    1,999
    Best Answers:
    253
    Trophy Points:
    515
    #4
    The namespace, doctype and content-type are not includes, so they have nothing to do with it. Pretty much you want check/modify anything in LINK, SCRIPT, EMBED, APPLET, OBJECT or IMG tags, as well as anything in your CSS or being dynamically loaded by your scripts.

    Well, NOT that you should have APPLET in your code unless it was written before 1998... or EMBED for the same reasons no matter what the HTML5-tards say.
     
    deathshadow, Dec 6, 2013 IP