Prepare for the CompTIA Network+ exam by learning how to troubleshoot, configure, and manage both wired and wireless networks.
images causing problems with https
Hi,
I have a master page that my pages use and one or two pages use https.
On these pages the user is getting warnings about content not being secure because of the url to images etc, say the logo and so.
Is there a workaround for this?
Using c# 4
I have a master page that my pages use and one or two pages use https.
On these pages the user is getting warnings about content not being secure because of the url to images etc, say the logo and so.
Is there a workaround for this?
Using c# 4
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
You can fix this either at the server side or client side...
Server side fix:
Make sure that the images are in the same directory as the main files, if necessary make copies of the image files and change references to those images to the secured folder instead of the original source.
Client side fix:
Either:
(On Internet Options) Make sure to UNCHECK "Block unsecured images with other secured content" in SECURITY section.
OR:
Add site (domain) to "trusted sites" and UNCHECK require "https"
Server side fix:
Make sure that the images are in the same directory as the main files, if necessary make copies of the image files and change references to those images to the secured folder instead of the original source.
Client side fix:
Either:
(On Internet Options) Make sure to UNCHECK "Block unsecured images with other secured content" in SECURITY section.
OR:
Add site (domain) to "trusted sites" and UNCHECK require "https"
In general your images should be using relative URLs, e.g. "/images/logo.png", NOT absolute urls like "http://www.mycompany.com/images/logo.png".
If you use relative URLs you won't get the errors, because the client will use the appropriate protocol - HTTP or HTTPS, to connect and download the data.
If you use relative URLs you won't get the errors, because the client will use the appropriate protocol - HTTP or HTTPS, to connect and download the data.
The client side is not an option, I would have to tell every user on the site to do this.
I don;t really want to go creating two images either.... isn't there a "Normal" work around for this?
I don;t really want to go creating two images either.... isn't there a "Normal" work around for this?
It's an all or nothing type deal. All the content either needs to be HTTP or HTTPS.
There is no work-around, sorry.
There is no work-around, sorry.
frosty555 this is one example of one of my images:
<img id="logo" src="graphics/logo.png"/>
However when viewing that on a https url the code still says just graphics/.... in the rendered html?
Also if I have included maybe a jquery or 3rd party library that weren't 3rd party, would they cause the browser to flag that some content isn't secure?
Is this something that we should worry about or not?
<img id="logo" src="graphics/logo.png"/>
However when viewing that on a https url the code still says just graphics/.... in the rendered html?
Also if I have included maybe a jquery or 3rd party library that weren't 3rd party, would they cause the browser to flag that some content isn't secure?
Is this something that we should worry about or not?
Yes you do need to worry about this.
From what I can tell, that image code you posted ought to be perfectly fine.
I can test on my own server as well, which is secured with SSL. The following code works fine in IE and does not generate an error:
This code DOES generate an error:
As CtrlAltDl said, there is no workaround. For your page to actually be secure all components must use HTTPS properly including AJAX calls, images etc. Either your javascript/php code must take into account which protocol is used when outputting any URLs, or you have to use relative URLs exclusively.
You can use some diagnostic tools to help identify the specific parts of your page that are causing the issue and that may shed some light on what's going on, for example "Fiddler":
http://stackoverflow.com/questions/2836381/easy-way-to-determine-what-content-is-not-delivered-using-a-secure-https-connect
From what I can tell, that image code you posted ought to be perfectly fine.
I can test on my own server as well, which is secured with SSL. The following code works fine in IE and does not generate an error:
(accessed using URL: https://myserver/test.php)
<html>
<body>
asdfsadfasdf
<img src="images/logo.jpg" />
</body>
</html>
This code DOES generate an error:
(accessed using URL: https://myserver/test.php)
<html>
<body>
asdfsadfasdf
<img src="http://myserver/images/logo.jpg" />
</body>
</html>
As CtrlAltDl said, there is no workaround. For your page to actually be secure all components must use HTTPS properly including AJAX calls, images etc. Either your javascript/php code must take into account which protocol is used when outputting any URLs, or you have to use relative URLs exclusively.
You can use some diagnostic tools to help identify the specific parts of your page that are causing the issue and that may shed some light on what's going on, for example "Fiddler":
http://stackoverflow.com/questions/2836381/easy-way-to-determine-what-content-is-not-delivered-using-a-secure-https-connect
The whynopadlock.com link on that page has told me that these are the cuplrits:
- Insecure URL: http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js
- Insecure URL: http://download.skype.com/share/skypebuttons/js/skypeCheck.js
Is it just as simple as making them https?
- Insecure URL: http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js
- Insecure URL: http://download.skype.com/share/skypebuttons/js/skypeCheck.js
Is it just as simple as making them https?
Premium Content
You need an Expert Office subscription to comment.Start Free Trial