https security warning

Forum Moderators: phranque

Message Too Old, No Replies

https security warning

tonynoriega

4:34 pm on Aug 28, 2009 (gmt 0)

how can i find out what is prompting the https security warning when a user accesses my page via IE?

"do you want to view only the webpage content that was delivered securely?

this webpage contains content that will not be delivered using a secure https connection which could compromise the security of the entire webpage"

and if i find out what it is, can i fix it?

the only thing i can think of is the .swf file i have, or some javascript file... pretty vague eh?

bakedjake

4:38 pm on Aug 28, 2009 (gmt 0)

Pull up the source and search for "http://"... Usually I find it's an errant graphic.

Other option is to install httpwatch and monitor the connections the browser makes to the server. httpwatch costs money but well worth it.

Also, check for calls to third party analytics services, etc.

tonynoriega

4:54 pm on Aug 28, 2009 (gmt 0)

could you define errant graphic?

and yes, i call google analytics. am i out of luck on that one?

but its only on the home page which is confusing to me...

rocknbil

4:56 pm on Aug 28, 2009 (gmt 0)

Those are actually the easy knock offs. :-) The ones that get overlooked are:

Google Analytics - if your analytics code is making a request to the http urchin server over SSL, it will kick this error. Many say "just point it all to the secure one" but as you know SSL is slower due to encryption and this will slow down your pages. When dealing with SSL and server-side programming, it's easy to switch between the secure and non-secure urchin servers.

"normal" urchin server: [google-analytics.com...]
SSL urchin server: [ssl.google-analytics.com...]

Flash URL's - a) the download URL in the object /include code, or b) items being requested from Flash, such as a slide show, etc., that are requested via full http URL.

Here are some surprising sources [webmasterworld.com] of this alert you may never think of.

jdMorgan

5:12 pm on Aug 28, 2009 (gmt 0)

The How do I find the non-SSL things on my page? [webmasterworld.com] thread from yesterday may also be of some help.

Jim

tonynoriega

10:11 pm on Sep 1, 2009 (gmt 0)

Ok, i found the issue... it was the javascript used to embed the flash file.

so i went with swfobject, now the damn thing doesnt show on a MAC with FF?!?!

rocknbil

4:00 pm on Sep 2, 2009 (gmt 0)

It should, unless there is something wrong with the FF install. Do you have an error console on the FF install? Any messages there?

How are you implementing SWFObject? I ask because a common mistake is to do this:

In this case, the JS is trying to execute before the div for the Flash hasn't loaded yet, so it's trying to load the Flash in an object that doesn't exist. An easy fix is

insuring the referenced div is loaded before the JS. An even better method is to use window.onload() to load it externally, but moving it to the bottom before the closing body tag should suffice.

tonynoriega

6:12 pm on Sep 3, 2009 (gmt 0)

Perfect. That was it.

That was my "something new" learned today.
thanks