https and http on the same page without warning possible?

Forum Moderators: phranque

Message Too Old, No Replies

https and http on the same page without warning possible?

CrazyBigGaz

11:35 am on May 11, 2012 (gmt 0)

Hi,

I have a https page, but need to put in some http content on my CDN.

Is it possible to mix them when using [mydomain.com...]

As when I try in Internet Explorer I get a warning.
Is that anything I can put into my .htaccess file, or would I need to be looking at a PHP file using something like CURL to call the non http url. Like [mydomain.com...]

Then lock it down to use the [cdn.mydomain.com...] so it can not be abused.

The http content are javascript, images and css.

Regards,
Garry

lucy24

4:31 pm on May 11, 2012 (gmt 0)

It's hard to send the browser a convincing message saying "It's OK, really, I'm not doing anything dangerous". After all, it's the browser's job to look out for hanky-panky.

There are workarounds-- there's always a workaround-- but if you already have some https, it may be simpler just to keep everything as https. Ordinary content doesn't have to be http. It's just that it can be http.

g1smd

7:56 pm on May 11, 2012 (gmt 0)

If you hard code links to images or CSS or JS as http or as https you'll get "mixed security" warnings when the HTML page is requested as the other type. Use a link that begins with a leading slash and does not include protocol or hostname.