SSL, IE6, & "Mixed Content"

Similar Messages

• SSL says mixed content but this is not true

  Hello,
  On my site with SSL certificate installed Firefox (v35) says it is mixed content and shows the warning icon next to the https://
  However both in Chrome and IE (both latest version) it works just fine and there is no such warning.
  I've checked the page in every way I can think of and there is simply no http:// resource loaded
  URL: https://affiliatesk.<i></i>in/accountsetup/light?jvpreview=1
  I believe this is a FF bug.

  hello, the firefox web console shows that the content from youtube is embedded through an insecure http-connection...

• Looking for a HTTPS/HTTP mixed content "sniffer" tool

  I am hoping someone here can help me out. I am looking for a tool/addon that can point out exact what on the page is triggering a mixed content error. The browser will tell me that something on the page is not secure, but it won't tell me where or what the non secure item is so I can fix it.
  Here is my recent example of this problem.
  I had a issue with a HTTPS page with a doubleclick tracking pixel on it. It was a standard tracking pixel iframed on to the page and the page iframed was HTTPS with no cert problems. It turned out that the page being iframed has a javascript call that was HTTP and this was triggering the mixed content error.
  Unfortunately it took me almost two days to figure out the page being iframed was making the non-ssl call, not anything on the site.
  If anyone here could help me find a tool or point to a browser feature that I don't know about that could help me sniff out these mixed content error faster you would make my life so much easier.

  You can glean a little more information from Firefox's Browser Console (Ctrl+Shift+j). Mixed content blocks generate a log entry in the security category. If you enter mix in the filter box in the upper right of the console, that should help drill down on the message. (Screen shot example attached.)
  Now... you still need to figure out what is generating the request, but hopefully this will help.

• When webpages contain mixed content, does (or can) Firefox block content from unsecure sources?

  When secure webpages (those using SSL) contain content from non-SSL sources, Internet Explorer 8 and 9 ask if you want to view only the content that was delivered securely. I haven't been able to find a similar prompt in Firefox. I know of three possible explanations:
  1. Firefox does not offer protection against mixed content. I hope this isn't the case!
  2. Firefox has a setting I haven't found.
  3. Firefox may offer the protection but in a different manner than Internet Explorer.

  Firefox doesn't and can't block content coming via an insecure connection in that case, but you can get a warning.
  The settings for the warning messages have been removed from the user interface (Bug 513166).<br />
  You need to change the related security.warn_* prefs directly on the <b>about:config</b> page.<br />
  Filter: security.warn_viewing_mixed

• Working with mixed-content XML

  Am new to Flex 2 and AS 3 but well versed in XML and related
  technologies. This is my first time posting to the forum.
  I have a simple Flex application that loads an external XML
  file via HTTPService and binds the XML to some MXML form controls.
  This works well as long as the XML element contains simple text,
  but breaks when the element contains a mixture of text and other
  elements (e.g. mixed-content).
  <something>some text</something> (Fine)
  <something>some <b>bold</b>
  text</something> (Breaks).
  Just wondering if anyone has could point me to an example of
  a Flex application interpreting mixed content XML. I've looked at
  various forums and in books and there isn't a lot on the subject
  from what I can see. Most of the XML examples I've found use flat,
  database/table-style XML which don't suit my purposes.
  Thanks
  Heather

  Let's not give up here. The problem is that you have HTML
  inside of an XML structure and the HTML, because its syntax is just
  like XML, cannot be distinguished by the XML parser. The proper way
  to get your HTML embedded in the XML is to use CDATA. So whoever
  created the XML didn't take that into account.
  I gave this a bit more thought. This will work ONLY if the
  HTML inside of the XML is always complete. No <br> tags
  without a </br>; no <p> without </p> etc. as that
  won't be readable by the XML parser.
  Once you've got your XML structure in Flex, you can get all
  of the <something> items like this:
  var somethings:XMLList = xmlvar.something;
  Now you have an XMLList - an Array of XML structures. This
  means somethings[0] is "some text" but somethings[1] is an XML node
  with a sub-structure which includes the <b> node. I hope you
  are withme so far.
  Now try this: var sometext:String = XML( somethings[1]
  ).toString();
  The toString() method should flatten the contents back into a
  string and you can assign that to the htmlText property of the
  control.
  As I said, your XML has to be perfect for this to work. Or
  you have to convince the author(s) of the XML to use CDATA to
  enclose the HTML.

• Complex Element with Mixed Content problem!!!!1

  Hi All,
  I have a scenario where complex XSD element has mixed content.i.e  it has text and elements. How to deal with it in XI.When i create any complex type in XI i cannot add text to it,i will be able to add only elements enclosed by that complex node. Any ideas on how to get across in Graphical Mapping.
  Regards,
  Sudharshan.
  Message was edited by: Sudharshan Aravamudan

  Hi Sudharshan,
  I dont think it is possible to create such elements in XI. As far as i know a complex element can only contain more nodes of varying occurences, but not some information of it self.
  Just check out these links,
  http://help.sap.com/saphelp_nw04/helpdata/en/3b/d2a3f7a166514abb8cf5635b71974f/content.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/2d/c7d9b2d9f138439482a8fafb91f047/content.htm
  I guess the format you are trying to create is actaually something that XI doesnt support.
  Do let me know if you got further queries,
  hope this helps,
  regards,
  Bhavesh

• How can I whitelist specific URLs to disable mixed content blocking? (New Feature in FF23)

  For a few of the enterprise products I use, the mixed content blocker disables my ability to use these tools. While I understand I can toggle to allow mixed-content -- I would like to be able to whitelist the URLs that I use regularly that I don't want content blocking enabled. Is this possible?

  the content toggle button works but is not really the solution for enterprise products. A white-list would be a real good solution...
  So I add a my white-list request here too

• Drag mix content to InDesign CS6

  Hi,
  I know we can drag drop file and bitmap content from CS Extension to InDesign which is given here. But I have a different scenerio where I've some mix content shown in Tile list i.e. one image and 3 lables which I need to drag from Panel and drop in InDesign file. There was some dicussion around it in http://forums.adobe.com/message/4154591
  I'm trying the way is:
  public function handlePureFlashFileDragStart(event:Event):void
                 var clip:Clipboard = new Clipboard();
                 clip.setData(ClipboardFormats.FILE_LIST_FORMAT, event.currentTarget.selectedItems);
                 var allowedActions:NativeDragOptions = new NativeDragOptions();
                 allowedActions.allowLink = false;
                 NativeDragManager.doDrag(event.currentTarget as InteractiveObject, clip);
  But I'm getting the error below
  TypeError: Error #1034: Type Coercion failed: cannot convert __AS3__.vec::Vector.<Object>@2845a731 to Array.
            at flash.desktop::Clipboard/convertFlashFormat()
            at flash.desktop::Clipboard/setData()
            at controllar::ApplicationControllar/handlePureFlashFileDragStart()[/Users/z013j4k/Documents/DCP_Projects_CS6/CatalogPagination/src/controllar/ApplicationControllar.as:67]
            at components::ProductsTab/___ProductsTab_List1_mouseDown()[/Users/z013j4k/Documents/DCP_Projects_CS6/CatalogPagination/src/components/ProductsTab.mxml:9]
            at flash.events::EventDispatcher/dispatchEventFunction()
            at flash.events::EventDispatcher/dispatchEvent()
            at mx.core::UIComponent/dispatchEvent()[E:\dev\hero_private\frameworks\projects\framework\src\mx\core\UIComponent.as:13128]
            at mx.managers::WindowedSystemManager/mouseEventHandler()[E:\dev\hero_private\frameworks\projects\airframework\src\mx\managers\WindowedSystemManager.as:2344]
  I'm not sure how can we get that done . Can some one help me out on this ?
  Thanks
  Mac

  Hi Marc,
  I think setData is expecting to be passed an array of File objects (see: http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/desktop/Clipboard .html). From the stacktrace it sounds like you're trying to pass in a vector of objects. To debug this I would change the code to simply pass in a new array containing one file irregardless of what is selected in the list, make sure that works, and then try using the selected items. If you do have a vector rather than an array then you can convert it by creating a new array and iterating over the vector elements, adding each to the array.
  Hope that helps,
  --Louis

• Mixed Content Error in Application Preview

  Apologies if this has already been addressed. I searched the messages but didn't find one covering this issue.
  When I run a UI5 application in preview from the Web IDE I am getting the following error when I try to call an OData service via HTTP.
  Mixed Content: The page at 'https://webidetestingrxxxnnn.dispatcher.us1.hana.ondemand.com/inde…ashboard&origional-url=index.html&sap-ui-language=en&sap-ui-xx-fakeOS=ipad' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://sapsn1.nnn.com:8000/sap/opu/odata/sap/Z_HR_PEND_APPROVALS_SRV/$metadata?sap-client=020'. This request has been blocked; the content must be served over HTTPS.
  I'm checking with the Gateway team to see if we can get the service available via HTTPS, but I was wondering if there was any configuration option in the HCP cockpit or Web IDE to override this restriction.
  Thanks,
  Dave

  How is the service added to the project?
  Like Maksim suggested, a destination and mapping can be used. Perhaps you've already have done so, but services can be used to create projects with destination usage from Web IDE templates.
  Using an example of an on-premise front-end ABAP system with Gateway components,
  Create a service in the on-premise system
  Use SAP Cloud Connector to connect the on-premise system with SAP HANA Cloud Platform
  Configure a destination for the on-premise system in HCP
  Create a project from template (Fiori, SAPUI5, etc) in Web IDE using the destination and service endpoint
  The destination and mapping are automatically generated in the project.
  Regards,
  Scott

• Mixed content - https vs http

  In the browser Chrome, after going to a website starting with https://, it gave me the below message:
  Mixed Content: The page at 'https://...' was loaded over HTTPS, but requested an insecure resource 'http://...'. This request has been blocked; the content must be served over HTTPS.
  Which is good but in Firefox, it doesn't recognize this issue which should.
  Can you please update Firefox browser to recognize the issue and give us a proper message like Chrome does?

  I think all browsers allow you to leave a secure page for an insecure page (from HTTPS link to HTTP link) without a warning, otherwise you would go crazy using Google and other search engines that use HTTPS. There is an exception for when a form is being submitted from a secure page to an insecure page: then you definitely should get a warning that your submission isn't being encrypted.
  What Firefox and other browsers now pay closer attention to is content pulled ''into'' the page, treating some as high risk (such as scripts) and some as low risk (such as JPEG images). You can adjust Firefox's settings to block this lower risk "display" content if you like. (It requires switching the security.mixed_content.block_display_content preference from false to true in the about:config preferences editor.)

• Mixed content - https and http

  Guys and Gals -
  I have a page that has mixed content - http and https. Users talk to my webserver
  using https, which talks to the portal server using http.
  The browser popups a warning saying that the site has mixed content. Is there
  any way to prevent this warning from coming up? Anything I can do using a proxy
  or something else?
  Thanks
  Niks

  Neeraj Harlalka wrote:
  It's probably not because your webserver is talking to App server on
  http connection. It could be some images being referrenced from the
  browser using non-secured protocol. Try using absolute path or code URLs
  using jsp tags.
  hope it helps
  Guys and Gals -
  I have a page that has mixed content - http and https. Users talk to my webserver
  using https, which talks to the portal server using http.
  The browser popups a warning saying that the site has mixed content. Is there
  any way to prevent this warning from coming up? Anything I can do using a proxy
  or something else?
  Thanks
  Niks

• Mixed Content XML

  I am trying to load an XML file which has a mixed content
  model. Here is an example:
  <?xml version="1.0" encoding="utf-8"?>
  <tag1>This is my<tag2>XML</tag2>
  sample</tag1>
  This is XML data and not HTML data.
  Here's my App.
  <?xml version="1.0" encoding="utf-8"?>
  <mx:Application xmlns:mx="
  http://www.adobe.com/2006/mxml"
  layout="absolute">
  <mx:XML id="tempXML" source="file:///c:/flex/sample.xml"
  />
  </mx:Application>
  I get the following messages:
  Encountered "<tag2>" at line 2, column 17. Was
  expecting: Non-MXML language element ...
  Problem parsing external XML: file:/c:/flex/sample.xml
  Are there workarounds/fixes for this issue? This is valid XML
  and I want to be able to use it to populate data grids and I also
  want to be able to display the XML in a TextArea.

  Let's not give up here. The problem is that you have HTML
  inside of an XML structure and the HTML, because its syntax is just
  like XML, cannot be distinguished by the XML parser. The proper way
  to get your HTML embedded in the XML is to use CDATA. So whoever
  created the XML didn't take that into account.
  I gave this a bit more thought. This will work ONLY if the
  HTML inside of the XML is always complete. No <br> tags
  without a </br>; no <p> without </p> etc. as that
  won't be readable by the XML parser.
  Once you've got your XML structure in Flex, you can get all
  of the <something> items like this:
  var somethings:XMLList = xmlvar.something;
  Now you have an XMLList - an Array of XML structures. This
  means somethings[0] is "some text" but somethings[1] is an XML node
  with a sub-structure which includes the <b> node. I hope you
  are withme so far.
  Now try this: var sometext:String = XML( somethings[1]
  ).toString();
  The toString() method should flatten the contents back into a
  string and you can assign that to the htmlText property of the
  control.
  As I said, your XML has to be perfect for this to work. Or
  you have to convince the author(s) of the XML to use CDATA to
  enclose the HTML.

• Https site with no mixed content and EV cert is shown as mixed and not identifiying itself

  My site https:orderform page contains only https images and website has an EV cert that is valid and current. With history cleared and visiting page for first time Firefox reports that page contains mixed content and that site does not identify iteself.
  Hitting F5 to refresh the page address bar correctly shows green with no mixed content popup and that side idenfies itself.
  SSLCertificateChainFile has been added and this makes no difference.
  Problem does not occur in other browsers (IE, Safari, Chrome).
  A new FF profile has been tried but same problem occurs.
  Why would refeshing the page work?
  Problem affects all firefox browsers 3.5 to 14.01. I dont know about those <3.5.
  I have read and tried most suggestions in forum and elsewhere but cant find a solution.
  I have not provided the url as this is my order page and its important for me to see genuine visitors.

  First a reply to Jsher2000
  Thank you for your suggestions. Yes and Yes did this ages ago but no non-https content.
  I have found a workaround for what appears to be a bug in Firefox:-(
  Here is the non-perfect workaround. First Detect firefox
  xUA=navigator.userAgent.toLowerCase()
  xFf=xUA.indexOf('firefox')!=-1
  if(xFf) top.location.href='https://ord.html'
  else top.location.replace( 'https://ord.html' )
  The current non-secure page is being replaced with a secure one.
  Internet Quote:
  "The difference between location.href and location.replace is that the former creates a new history entry on the visitor's browser meaning that if they hit the back button, they can get in a 'redirection loop' which is usually undesirable and may have unwanted side effects."
  It appears that FF is using some content (cached) from the previous non-secure page when replacing - leading to the mixed content and non-identified site. An F5 refresh or reload of current page will show that site identifies iteself and there is no mixed content.
  In summary its a Firefox Bug.

• How to stop the mixed-content Yes/No question every time you log in or change screens.

  Since the new VZW forum format when I log in or change screens I have been asked if I want to accept content that was not sent encrypted (HTTPS:\).  See attached photo to see what I mean.
  Speaking for myself, I found this very annoying so here is how to stop it if you are using Windows Internet Explorer.
  Bring up Windows Internet Explorer.  I use IE8 and it fixed mine.
  Then go to TOOLS>Internet Options and Select the Security Tab.  Then Click the Custom Level button.  Next go down through the list in the Miscellaneous Section and change "Display Mixed Content" to ENABLE.
  Hope this makes your day a bit brighter, it did mime!
  JerryF
  If you want to see more about this you can look here.
  http://blogs.msdn.com/b/askie/archive/2009/05/14/mixed-content-and-internet-explorer-8-0.aspx

  jco23,
  Go back and again check to see that it is ENABLED.
  I say this because the first time I "tried" to enable it, it didn't enable it.  I tried again and discovered that I did NOT do the proper exit procedure when closing (leaving) the miscellaneous list after I changed it to enabled.  Oh dopey me!!!
  The second time it worked.
  JerryF

• Using RSLs results in a mixed content warning in Chrome?  When did this start happening?

  Hello All,
  We've got a secure (delivered via HTTPS) Flex app that has been using RSLs for years.  Just today, I noticed that Chrome was showing a "mixed content" warning for our app.
  We're not getting this same warning in IE or Firefox.  I poured over the requests in Chrome's developer tools, and there were only two HTTP requests:
  http://fpdownload.adobe.com/pub/swz/crossdomain.xml
  http://fpdownload.adobe.com/crossdomain.xml
  These both appear related to the Adobe hosted Flex RSLs.
  I changed my compilation options to merge libraries into code (no RSLs).  As soon as I did this, the mixed content warning in Chrome went away (and so did these two HTTP requests).  Switch back to RSLs, and the mixed content warning comes back (along with the two HTTP requests).
  Turning off RSLs makes my app quite a bit fatter--over 600kb fatter.  That's a lot.  I want to use RSLs, like we've been doing in the past!  How can this be fixed?
  Chrome Version: 22.0.1229.94 m
  Flash Player Version: 11.4.31.110
  OS Version: Windows 7, 64 bit
  Complete User-Agent string:
  Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4

  After looking through the Build->Properties->Flex Build Path->Library Path settings, I found that the RSLs each have a "Deployment Path/URL" and "Policy file URL" value.  For instance, for the text layout RSL, we've got:
  Deployment Path/URL: http://fpdownload.adobe.com/pub/swz/tlf/1.0.0.595/textLayout_1.0.0.595.swz
  Policy file URL: http://fpdownload.adobe.com/pub/swz/crossdomain.xml
  I went through each of the RSLs and changed both deployment and policy URLs to use HTTPS.
  Once I did this, the mixed content warning in Chrome stopped showing up.
  But I'm still at a loss as to why this started happening in the first place.  As I indicated in my original post, we've had this app running for years and this is the first we've noticed a mixed content warning in any browser.  What's going on?
    -Josh