|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
IE messgae "This page contains both secure and nonsecure items"I am hoping someone can help with this. We have a web application that can be viewed over https. Inconsistently our users keep getting "This page contains both secure and nonsecure items". Whether they say yes or no to the message about only displaying the secure content it doesn't make any difference as it doesn't affect the application it is just really annoying. The things I have tried already are: 1) View the source of the page when you say only show secure content and viewed the source of the page when you say no. There is no difference in the source HTML. 2) We do use IFRAMES but we have made sure that none of the IFRAMES have blank src attributes. 3) None of our page content uses http as hard coded links, they are relative links. 4) We have used various http tools such as fiddler, http watcher etc.. but none of these give any indication of why this error would come up. 5) A couple of our pages refresh every 5 mins and they can sit there happily all day on a client machine and refresh running over https without any problems, then the same page can pop up the "This page contains both secure and nonsecure items" message about 10 times in an hour. It is totally inconsistent. We have had about 3 developers working on this problem for days and no-one can figure out what is going on. I'm not sure what else to try, any help would be much appreciated. Many Thanks, AndyWalsh wrote on Tue, 16 Jun 2009 08:44:01 -0700:
Show quoteHide quote > Hi, What about CSS, or any external script files? Make sure none of them are > I am hoping someone can help with this. > We have a web application that can be viewed over https. Inconsistently > our users keep getting "This page contains both secure and nonsecure > items". > Whether they say yes or no to the message about only displaying the > secure content it doesn't make any difference as it doesn't affect the > application it is just really annoying. > The things I have tried already are: > 1) View the source of the page when you say only show secure content > and viewed the source of the page when you say no. There is no > difference in the source HTML. > 2) We do use IFRAMES but we have made sure that none of the IFRAMES > have blank src attributes. > 3) None of our page content uses http as hard coded links, they are > relative links. > 4) We have used various http tools such as fiddler, http watcher etc.. > but none of these give any indication of why this error would come up. > 5) A couple of our pages refresh every 5 mins and they can sit there > happily all day on a client machine and refresh running over https > without any problems, then the same page can pop up the "This page > contains both secure and nonsecure items" message about 10 times in an > hour. It is totally inconsistent. > We have had about 3 developers working on this problem for days and > no-one can figure out what is going on. > I'm not sure what else to try, any help would be much appreciated. > Many Thanks, referencing HTTP in any way. -- Dan Thanks Dan, but all our CSS and script files all have relative paths.
Show quoteHide quote "Daniel Crichton" wrote: > AndyWalsh wrote on Tue, 16 Jun 2009 08:44:01 -0700: > > > Hi, > > > I am hoping someone can help with this. > > > We have a web application that can be viewed over https. Inconsistently > > our users keep getting "This page contains both secure and nonsecure > > items". > > > Whether they say yes or no to the message about only displaying the > > secure content it doesn't make any difference as it doesn't affect the > > application it is just really annoying. > > > The things I have tried already are: > > > 1) View the source of the page when you say only show secure content > > and viewed the source of the page when you say no. There is no > > difference in the source HTML. > > > 2) We do use IFRAMES but we have made sure that none of the IFRAMES > > have blank src attributes. > > > 3) None of our page content uses http as hard coded links, they are > > relative links. > > > 4) We have used various http tools such as fiddler, http watcher etc.. > > but none of these give any indication of why this error would come up. > > > 5) A couple of our pages refresh every 5 mins and they can sit there > > happily all day on a client machine and refresh running over https > > without any problems, then the same page can pop up the "This page > > contains both secure and nonsecure items" message about 10 times in an > > hour. It is totally inconsistent. > > > We have had about 3 developers working on this problem for days and > > no-one can figure out what is going on. > > > I'm not sure what else to try, any help would be much appreciated. > > > Many Thanks, > > > What about CSS, or any external script files? Make sure none of them are > referencing HTTP in any way. > > -- > Dan > > > There "has" to be content that is being loaded which has a fully
qualified path to an "http://" reference. Often this may be located within a maze of jscript files which include other js which include other js, and may be very hard to locate. Even for example using Google's AdSense or AdWords may cause this to occur, if you're not using their correct APIs in the context of your pages (SSL/non-SSL). If you're still unable to locate the problem, try running WireShark on the affected PCs and sniff out traffic on port 80 and 443. When you see packets on port 80, this will tell you were the content is located. Show quoteHide quote > Hi, > > I am hoping someone can help with this. > > We have a web application that can be viewed over https. Inconsistently our > users keep getting "This page contains both secure and nonsecure items". > > Whether they say yes or no to the message about only displaying the secure > content it doesn't make any difference as it doesn't affect the application > it is just really annoying. > > The things I have tried already are: > > 1) View the source of the page when you say only show secure content and > viewed the source of the page when you say no. There is no difference in the > source HTML. > > 2) We do use IFRAMES but we have made sure that none of the IFRAMES have > blank src attributes. > > 3) None of our page content uses http as hard coded links, they are relative > links. > > 4) We have used various http tools such as fiddler, http watcher etc.. but > none of these give any indication of why this error would come up. > > 5) A couple of our pages refresh every 5 mins and they can sit there happily > all day on a client machine and refresh running over https without any > problems, then the same page can pop up the "This page contains both secure > and nonsecure items" message about 10 times in an hour. It is totally > inconsistent. > > We have had about 3 developers working on this problem for days and no-one > can figure out what is going on. > > I'm not sure what else to try, any help would be much appreciated. > > Many Thanks,  
Other interesting topics
certificate question
status code 200 logged in log file IIS 2003/IIS6 Permissions maze..... IIS Security - Default installations on Vista Why does IIS ask for a password when I type http://localhost? how do I manage IIS? Securing virtual directories Logs in Windows Server IIS and Public Internet Website |
|||||||||||||||||||||||
