Mixed content - https vs http

Similar Messages

• Mixed content - https and http

  Guys and Gals -
  I have a page that has mixed content - http and https. Users talk to my webserver
  using https, which talks to the portal server using http.
  The browser popups a warning saying that the site has mixed content. Is there
  any way to prevent this warning from coming up? Anything I can do using a proxy
  or something else?
  Thanks
  Niks

  Neeraj Harlalka wrote:
  It's probably not because your webserver is talking to App server on
  http connection. It could be some images being referrenced from the
  browser using non-secured protocol. Try using absolute path or code URLs
  using jsp tags.
  hope it helps
  Guys and Gals -
  I have a page that has mixed content - http and https. Users talk to my webserver
  using https, which talks to the portal server using http.
  The browser popups a warning saying that the site has mixed content. Is there
  any way to prevent this warning from coming up? Anything I can do using a proxy
  or something else?
  Thanks
  Niks

• Looking for a HTTPS/HTTP mixed content "sniffer" tool

  I am hoping someone here can help me out. I am looking for a tool/addon that can point out exact what on the page is triggering a mixed content error. The browser will tell me that something on the page is not secure, but it won't tell me where or what the non secure item is so I can fix it.
  Here is my recent example of this problem.
  I had a issue with a HTTPS page with a doubleclick tracking pixel on it. It was a standard tracking pixel iframed on to the page and the page iframed was HTTPS with no cert problems. It turned out that the page being iframed has a javascript call that was HTTP and this was triggering the mixed content error.
  Unfortunately it took me almost two days to figure out the page being iframed was making the non-ssl call, not anything on the site.
  If anyone here could help me find a tool or point to a browser feature that I don't know about that could help me sniff out these mixed content error faster you would make my life so much easier.

  You can glean a little more information from Firefox's Browser Console (Ctrl+Shift+j). Mixed content blocks generate a log entry in the security category. If you enter mix in the filter box in the upper right of the console, that should help drill down on the message. (Screen shot example attached.)
  Now... you still need to figure out what is generating the request, but hopefully this will help.

• Https site with no mixed content and EV cert is shown as mixed and not identifiying itself

  My site https:orderform page contains only https images and website has an EV cert that is valid and current. With history cleared and visiting page for first time Firefox reports that page contains mixed content and that site does not identify iteself.
  Hitting F5 to refresh the page address bar correctly shows green with no mixed content popup and that side idenfies itself.
  SSLCertificateChainFile has been added and this makes no difference.
  Problem does not occur in other browsers (IE, Safari, Chrome).
  A new FF profile has been tried but same problem occurs.
  Why would refeshing the page work?
  Problem affects all firefox browsers 3.5 to 14.01. I dont know about those <3.5.
  I have read and tried most suggestions in forum and elsewhere but cant find a solution.
  I have not provided the url as this is my order page and its important for me to see genuine visitors.

  First a reply to Jsher2000
  Thank you for your suggestions. Yes and Yes did this ages ago but no non-https content.
  I have found a workaround for what appears to be a bug in Firefox:-(
  Here is the non-perfect workaround. First Detect firefox
  xUA=navigator.userAgent.toLowerCase()
  xFf=xUA.indexOf('firefox')!=-1
  if(xFf) top.location.href='https://ord.html'
  else top.location.replace( 'https://ord.html' )
  The current non-secure page is being replaced with a secure one.
  Internet Quote:
  "The difference between location.href and location.replace is that the former creates a new history entry on the visitor's browser meaning that if they hit the back button, they can get in a 'redirection loop' which is usually undesirable and may have unwanted side effects."
  It appears that FF is using some content (cached) from the previous non-secure page when replacing - leading to the mixed content and non-identified site. An F5 refresh or reload of current page will show that site identifies iteself and there is no mixed content.
  In summary its a Firefox Bug.

• Complex Element with Mixed Content problem!!!!1

  Hi All,
  I have a scenario where complex XSD element has mixed content.i.e  it has text and elements. How to deal with it in XI.When i create any complex type in XI i cannot add text to it,i will be able to add only elements enclosed by that complex node. Any ideas on how to get across in Graphical Mapping.
  Regards,
  Sudharshan.
  Message was edited by: Sudharshan Aravamudan

  Hi Sudharshan,
  I dont think it is possible to create such elements in XI. As far as i know a complex element can only contain more nodes of varying occurences, but not some information of it self.
  Just check out these links,
  http://help.sap.com/saphelp_nw04/helpdata/en/3b/d2a3f7a166514abb8cf5635b71974f/content.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/2d/c7d9b2d9f138439482a8fafb91f047/content.htm
  I guess the format you are trying to create is actaually something that XI doesnt support.
  Do let me know if you got further queries,
  hope this helps,
  regards,
  Bhavesh

• Drag mix content to InDesign CS6

  Hi,
  I know we can drag drop file and bitmap content from CS Extension to InDesign which is given here. But I have a different scenerio where I've some mix content shown in Tile list i.e. one image and 3 lables which I need to drag from Panel and drop in InDesign file. There was some dicussion around it in http://forums.adobe.com/message/4154591
  I'm trying the way is:
  public function handlePureFlashFileDragStart(event:Event):void
                 var clip:Clipboard = new Clipboard();
                 clip.setData(ClipboardFormats.FILE_LIST_FORMAT, event.currentTarget.selectedItems);
                 var allowedActions:NativeDragOptions = new NativeDragOptions();
                 allowedActions.allowLink = false;
                 NativeDragManager.doDrag(event.currentTarget as InteractiveObject, clip);
  But I'm getting the error below
  TypeError: Error #1034: Type Coercion failed: cannot convert __AS3__.vec::Vector.<Object>@2845a731 to Array.
            at flash.desktop::Clipboard/convertFlashFormat()
            at flash.desktop::Clipboard/setData()
            at controllar::ApplicationControllar/handlePureFlashFileDragStart()[/Users/z013j4k/Documents/DCP_Projects_CS6/CatalogPagination/src/controllar/ApplicationControllar.as:67]
            at components::ProductsTab/___ProductsTab_List1_mouseDown()[/Users/z013j4k/Documents/DCP_Projects_CS6/CatalogPagination/src/components/ProductsTab.mxml:9]
            at flash.events::EventDispatcher/dispatchEventFunction()
            at flash.events::EventDispatcher/dispatchEvent()
            at mx.core::UIComponent/dispatchEvent()[E:\dev\hero_private\frameworks\projects\framework\src\mx\core\UIComponent.as:13128]
            at mx.managers::WindowedSystemManager/mouseEventHandler()[E:\dev\hero_private\frameworks\projects\airframework\src\mx\managers\WindowedSystemManager.as:2344]
  I'm not sure how can we get that done . Can some one help me out on this ?
  Thanks
  Mac

  Hi Marc,
  I think setData is expecting to be passed an array of File objects (see: http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/desktop/Clipboard .html). From the stacktrace it sounds like you're trying to pass in a vector of objects. To debug this I would change the code to simply pass in a new array containing one file irregardless of what is selected in the list, make sure that works, and then try using the selected items. If you do have a vector rather than an array then you can convert it by creating a new array and iterating over the vector elements, adding each to the array.
  Hope that helps,
  --Louis

• Mixed Content Error in Application Preview

  Apologies if this has already been addressed. I searched the messages but didn't find one covering this issue.
  When I run a UI5 application in preview from the Web IDE I am getting the following error when I try to call an OData service via HTTP.
  Mixed Content: The page at 'https://webidetestingrxxxnnn.dispatcher.us1.hana.ondemand.com/inde…ashboard&origional-url=index.html&sap-ui-language=en&sap-ui-xx-fakeOS=ipad' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://sapsn1.nnn.com:8000/sap/opu/odata/sap/Z_HR_PEND_APPROVALS_SRV/$metadata?sap-client=020'. This request has been blocked; the content must be served over HTTPS.
  I'm checking with the Gateway team to see if we can get the service available via HTTPS, but I was wondering if there was any configuration option in the HCP cockpit or Web IDE to override this restriction.
  Thanks,
  Dave

  How is the service added to the project?
  Like Maksim suggested, a destination and mapping can be used. Perhaps you've already have done so, but services can be used to create projects with destination usage from Web IDE templates.
  Using an example of an on-premise front-end ABAP system with Gateway components,
  Create a service in the on-premise system
  Use SAP Cloud Connector to connect the on-premise system with SAP HANA Cloud Platform
  Configure a destination for the on-premise system in HCP
  Create a project from template (Fiori, SAPUI5, etc) in Web IDE using the destination and service endpoint
  The destination and mapping are automatically generated in the project.
  Regards,
  Scott

• Mixed Content XML

  I am trying to load an XML file which has a mixed content
  model. Here is an example:
  <?xml version="1.0" encoding="utf-8"?>
  <tag1>This is my<tag2>XML</tag2>
  sample</tag1>
  This is XML data and not HTML data.
  Here's my App.
  <?xml version="1.0" encoding="utf-8"?>
  <mx:Application xmlns:mx="
  http://www.adobe.com/2006/mxml"
  layout="absolute">
  <mx:XML id="tempXML" source="file:///c:/flex/sample.xml"
  />
  </mx:Application>
  I get the following messages:
  Encountered "<tag2>" at line 2, column 17. Was
  expecting: Non-MXML language element ...
  Problem parsing external XML: file:/c:/flex/sample.xml
  Are there workarounds/fixes for this issue? This is valid XML
  and I want to be able to use it to populate data grids and I also
  want to be able to display the XML in a TextArea.

  Let's not give up here. The problem is that you have HTML
  inside of an XML structure and the HTML, because its syntax is just
  like XML, cannot be distinguished by the XML parser. The proper way
  to get your HTML embedded in the XML is to use CDATA. So whoever
  created the XML didn't take that into account.
  I gave this a bit more thought. This will work ONLY if the
  HTML inside of the XML is always complete. No <br> tags
  without a </br>; no <p> without </p> etc. as that
  won't be readable by the XML parser.
  Once you've got your XML structure in Flex, you can get all
  of the <something> items like this:
  var somethings:XMLList = xmlvar.something;
  Now you have an XMLList - an Array of XML structures. This
  means somethings[0] is "some text" but somethings[1] is an XML node
  with a sub-structure which includes the <b> node. I hope you
  are withme so far.
  Now try this: var sometext:String = XML( somethings[1]
  ).toString();
  The toString() method should flatten the contents back into a
  string and you can assign that to the htmlText property of the
  control.
  As I said, your XML has to be perfect for this to work. Or
  you have to convince the author(s) of the XML to use CDATA to
  enclose the HTML.

• How to stop the mixed-content Yes/No question every time you log in or change screens.

  Since the new VZW forum format when I log in or change screens I have been asked if I want to accept content that was not sent encrypted (HTTPS:\).  See attached photo to see what I mean.
  Speaking for myself, I found this very annoying so here is how to stop it if you are using Windows Internet Explorer.
  Bring up Windows Internet Explorer.  I use IE8 and it fixed mine.
  Then go to TOOLS>Internet Options and Select the Security Tab.  Then Click the Custom Level button.  Next go down through the list in the Miscellaneous Section and change "Display Mixed Content" to ENABLE.
  Hope this makes your day a bit brighter, it did mime!
  JerryF
  If you want to see more about this you can look here.
  http://blogs.msdn.com/b/askie/archive/2009/05/14/mixed-content-and-internet-explorer-8-0.aspx

  jco23,
  Go back and again check to see that it is ENABLED.
  I say this because the first time I "tried" to enable it, it didn't enable it.  I tried again and discovered that I did NOT do the proper exit procedure when closing (leaving) the miscellaneous list after I changed it to enabled.  Oh dopey me!!!
  The second time it worked.
  JerryF

• Using RSLs results in a mixed content warning in Chrome?  When did this start happening?

  Hello All,
  We've got a secure (delivered via HTTPS) Flex app that has been using RSLs for years.  Just today, I noticed that Chrome was showing a "mixed content" warning for our app.
  We're not getting this same warning in IE or Firefox.  I poured over the requests in Chrome's developer tools, and there were only two HTTP requests:
  http://fpdownload.adobe.com/pub/swz/crossdomain.xml
  http://fpdownload.adobe.com/crossdomain.xml
  These both appear related to the Adobe hosted Flex RSLs.
  I changed my compilation options to merge libraries into code (no RSLs).  As soon as I did this, the mixed content warning in Chrome went away (and so did these two HTTP requests).  Switch back to RSLs, and the mixed content warning comes back (along with the two HTTP requests).
  Turning off RSLs makes my app quite a bit fatter--over 600kb fatter.  That's a lot.  I want to use RSLs, like we've been doing in the past!  How can this be fixed?
  Chrome Version: 22.0.1229.94 m
  Flash Player Version: 11.4.31.110
  OS Version: Windows 7, 64 bit
  Complete User-Agent string:
  Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4

  After looking through the Build->Properties->Flex Build Path->Library Path settings, I found that the RSLs each have a "Deployment Path/URL" and "Policy file URL" value.  For instance, for the text layout RSL, we've got:
  Deployment Path/URL: http://fpdownload.adobe.com/pub/swz/tlf/1.0.0.595/textLayout_1.0.0.595.swz
  Policy file URL: http://fpdownload.adobe.com/pub/swz/crossdomain.xml
  I went through each of the RSLs and changed both deployment and policy URLs to use HTTPS.
  Once I did this, the mixed content warning in Chrome stopped showing up.
  But I'm still at a loss as to why this started happening in the first place.  As I indicated in my original post, we've had this app running for years and this is the first we've noticed a mixed content warning in any browser.  What's going on?
    -Josh

• Can't view a website, issue related to mixed content blocking

  Hello,
  I am having trouble viewing the website below in Firefox. This is Basic Talk, which is basically internet phone service, similar to Vonage. But it's cheaper and sold at Walmart. Was wondering why I could pull up their website just fine on my cell phone, but couldn't get it up on Firefox (or IE for that manner). In order to set up my account with them, I had to do it completely online via my cell phone. But after doing some research I came across some info in the Firefox Bugzilla support forums. And it appears this issue is related to the "Mixed Content Blocking" issues. I've tried viewing the site via "http" and "https" and neither way works in Firefox. But again, via my cellphone, just fine. If you all could please look into this and provide me further details with how I can view and access this site. I would greatly appreciate it.
  https://www.basictalk.com
  Thanks
  Shirley

  Firefox 3 versions do not have mixed content blocking features, so if this happens with the 3.6.27 version that shows in the System Details List and also in other browsers like IE then something else is wrong.
  *http://kb.mozillazine.org/Error_loading_websites
  You can try to reset (power off/on) the router.

• How can I turn off Mixed Content Blocking via script for an enterprise?

  Users in our enterprise (2,000+ clients) have to manually allow an MCB exception when using an in-house application every time we use it. I have exported the registry, made the change to mixed content blocking active content in about:config, and then re-exported the registry and have been unable to find any changes in the registry. Therefore, I am out of ideas as to how to deploy a package from Configuration Manager (Microsoft's enterprise client management) to disable this feature so people can work unhindered by Firefox.
  Currently we are getting around this by telling our users to NOT use Firefox. This will be a make or break for this browser in our environment.

  Preferences are stored in the ''prefs.js'' file under the user's profile folder. Barring any third-party tools, the registry doesn't have anything to do with it.
  * [[Profiles - Where Firefox stores your bookmarks, passwords and other user data]]
  You can modify preferences for a Firefox installation, which would affect all users running that copy. The preference you'll want to modify is ''security.mixed_content.block_active_content'' (set to '''true''' by default).
  * http://kb.mozillazine.org/Locking_preferences

• Firefox Security Certificate reports mixed content on secure page: Production & Nightly

  Hi Firefox,
  I’ve been doing some searching but have been unable to find this issue being discussed in a similar case.
  We (the University of Toronto) are running Microsoft’s Office365 service to provide email to our students. The security issue presents itself after several seconds after the OWA page loads and occurs regardless of user activity on the page.
  Initially, as the page loads, the browser indicates that the site is secure. Shortly thereafter the browser indicates that there are insecure elements on the page. However, from our diagnostics (Firefox developer tools, Firebug, Wireshark) we cannot identify any non-encrypted traffic. We have contacted Microsoft support and they have assured us that our connections to their servers are secure.
  The issue presents shortly after loading the inbox view of OWA. Initially the page is shown as being secure:
  [Figure1: page secure notice] [Figure2: Security details when secure]
  However shortly after the page loads, with no user action, the indicator will change to show the page has security issues.
  [Figure 3: Mixed content warning] [Figure 4: Security Details]
  The indication is that there is a problem with mixed content. The certificate is unchanged.
  [Figure 5: Certificate Details]
  The problem has been reproduced as of May 6, 2014 on a fully patched version of Windows 8.1 running a clean install of nightly; on a fully patched Windows 7 running a clean install of production Firefox 29.0; and on OSX 10.9.2 on a factory reset re-install of production 29.0.
  I’m wondering if anyone can shed any light on this behavior and advise a path to incorporate corrective action into subsequent releases of Firefox?
  Thanks in advance,
  Luke

  Plenty of things show, however the page is still shown as secure after all activity stops in the console the page is still secure.
  These are the last for console events:
  POST https://pod51030.outlook.com/owa/service.svc [HTTP/1.1 200 OK 160ms]
  POST https://pod51030.outlook.com/owa/service.svc [HTTP/1.1 200 OK 200ms]
  POST https://pod51030.outlook.com/owa/service.svc [HTTP/1.1 200 OK 160ms]
  POST https://pod51030.outlook.com/owa/service.svc [HTTP/1.1 200 OK 1072ms]
  a few seconds later is when the warning indicator appears. There is no console event around this time.

• Firefox 23 and mixed content

  The Firefox 23 release notes claim that mixed content pages are now blocked. The Mozilla Messaging Forum for Thunderbird support has mixed content, but it is not blocked. Why say that sites with mixed content are blocked if they are not? The URL:
  http://getsatisfaction.com/mozilla_messaging/topics

  Firefox has two prefs to control mixed content.
  *security.mixed_content.block_active_content
  *security.mixed_content.block_display_content
  Only block_active_content is currently set to true by default. block_display_content is still false, so thing like images aren't blocked.
  *Web Console (Firefox/Tools > Web Developer;Ctrl+Shift+K)
  *https://developer.mozilla.org/en/Security/MixedContent
  *http://kb.mozillazine.org/about:config
  <pre><nowiki>Blocked loading mixed display content "http://www.mozilla.org/thunderbird/img/tb5/page-background.png" @ https://getsatisfaction.com/mozilla_messaging/topics
  Blocked loading mixed display content "http://www.mozilla.org/thunderbird/img/tb5/title.png" @ https://getsatisfaction.com/mozilla_messaging/topics
  Blocked loading mixed display content "http://mozilla.org/img/covehead/template/title.png" @ https://getsatisfaction.com/mozilla_messaging/topics</nowiki></pre>

• SSL says mixed content but this is not true

  Hello,
  On my site with SSL certificate installed Firefox (v35) says it is mixed content and shows the warning icon next to the https://
  However both in Chrome and IE (both latest version) it works just fine and there is no such warning.
  I've checked the page in every way I can think of and there is simply no http:// resource loaded
  URL: https://affiliatesk.<i></i>in/accountsetup/light?jvpreview=1
  I believe this is a FF bug.

  hello, the firefox web console shows that the content from youtube is embedded through an insecure http-connection...