homepage Welcome to WebmasterWorld Guest from 54.204.128.190
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Browsers / Google Chrome Browser
Forum Library, Charter, Moderator: open

Google Chrome Browser Forum

    
https not always green in Chrome
Even if the page is secure
Marshall




msg:4428022
 5:46 am on Mar 12, 2012 (gmt 0)

I have noticed in Chrome with https pages that even though everything is secure (my order form pages for example), the https will appear red with a line through it. This will happen on a page that shows green then, say on refresh or re-visit, will not though nothing has changed. I tried it once with a blank page and it did the same thing.

Is it just me or is does this happen to you?

Marshall

 

rocknbil




msg:4434092
 8:04 pm on Mar 27, 2012 (gmt 0)

Marshall, this is kismet - I'm coming here to explore this very same issue, with a few more details, and a twist.

Visualize two pages, and given that the secure page often uses the same resources over https as http - a header image, for example. Let's call the may-or-may-not-be-all-secure page /about, and the secure page /purchase.

Browse to https.... /purchase, everything is fine, green light on secure items. Use a link or even make a direct request back to /about, and you get a mixed content error. On this page is a link back to /purchase, but you don't even have to do that - change the URL to /purchase in the address bar.

The previously secure page now displays insecure items (and Chrome doesn't make it easy to tell you what they are). WTH?

Basically it caches the insecure items from the previous page state, but only in the context of that tab (as I understand it, anyway . . . )

I've done some searching and this is due to caching, there are many proposed fixes (clear history, open a new tab, whatever) but the really BIG problem with this is the average user won't have a clue how to do any of this or know what it means. Insecure = bad, close and shop elsewhere.

A little more info: By using the Javascript console on the mixed insecure page, I can see the insecure items. Okay. Now go to the secure page, and use the Javascript console. There are no insecure items listed. But Chrome still errors the page as "insecure."

Has anyone solved this to any reliable degree? With Chrome gaining market share, it's become the "new I.E." in terms of the thorn in a developers bum . . . .

Marshall




msg:4434099
 8:17 pm on Mar 27, 2012 (gmt 0)

Short of putting in page cache tags, or as I would do in .asp:

<% Response.CacheControl = "no-cache" %>
<% Response.AddHeader "Pragma", "no-cache" %>
<% Response.Expires = -1 %>

I don't have a quick solution. And while I did not give what you said about caching any thought before, the pages I do have the above tags in always show secure. That being said, you may be onto something. And I do agree, I do not like the fact Chrome does not say why the page is not secure. At least IE asks if you want to display the non-secure items.

Marshall

rocknbil




msg:4434101
 8:24 pm on Mar 27, 2012 (gmt 0)

Ah, bits I left out. This is recently moved to a nginx server (from linux) with no-cache headers and cachebuster code added to all resources (you know, like img.jpg?u=123345 that changes for each user.) There is literally no cachebusting efforts we can do server side to get around it, we've tried. It's all on Chrome.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Browsers / Google Chrome Browser
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved