images causing problems with https

scm0sml
scm0sml used Ask the Experts™
on
Hi,

I have a master page that my pages use and one or two pages use https.

On these pages the user is getting warnings about content not being secure because of the url to images etc, say the logo and so.

Is there a workaround for this?

Using c# 4
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
You can fix this either at the server side or client side...

Server side fix:
Make sure that the images are in the same directory as the main files, if necessary make copies of the image files and change references to those images to the secured folder instead of the original source.

Client side fix:
Either:
(On Internet Options) Make sure to UNCHECK "Block unsecured images with other secured content" in SECURITY section.
OR:
Add site (domain) to "trusted sites" and UNCHECK require "https"
In general your images should be using relative URLs, e.g.  "/images/logo.png", NOT absolute urls like "http://www.mycompany.com/images/logo.png".

If you use relative URLs you won't get the errors, because the client will use the appropriate protocol - HTTP or HTTPS, to connect and download the data.

Author

Commented:
The client side is not an option, I would have to tell every user on the site to do this.

I don;t really want to go creating two images either.... isn't there a "Normal" work around for this?
CompTIA Network+

Prepare for the CompTIA Network+ exam by learning how to troubleshoot, configure, and manage both wired and wireless networks.

It's an all or nothing type deal.  All the content either needs to be HTTP or HTTPS.

There is no work-around, sorry.

Author

Commented:
frosty555 this is one example of one of my images:
<img id="logo" src="graphics/logo.png"/>  

However when viewing that on a https url the code still says just graphics/.... in the rendered html?

Also if I have included maybe a jquery or 3rd party library that weren't 3rd party, would they cause the browser to flag that some content isn't secure?

Is this something that we should worry about or not?
Yes you do need to worry about this.

From what I can tell, that image code you posted ought to be perfectly fine.

I can test on my own server as well, which is secured with SSL. The following code works fine in IE and does not generate an error:

(accessed using URL:   https://myserver/test.php)
<html>
<body>

asdfsadfasdf

<img src="images/logo.jpg" />

</body>
</html>

Open in new window


This code DOES generate an error:

(accessed using URL:   https://myserver/test.php)
<html>
<body>

asdfsadfasdf

<img src="http://myserver/images/logo.jpg" />

</body>
</html>

Open in new window

Are you sure it's not some other part of your page that is generating the error? Maybe something buried in your jquery code, or rendered by the third party library is dynamically assembling an absolute URL and forgot to take into account the correct use of HTTP or HTTPS?

As CtrlAltDl said, there is no workaround. For your page to actually be secure all components must use HTTPS properly including AJAX calls, images etc. Either your javascript/php code must take into account which protocol is used when outputting any URLs, or you have to use relative URLs exclusively.

You can use some diagnostic tools to help identify the specific parts of your page that are causing the issue and that may shed some light on what's going on, for example "Fiddler":

http://stackoverflow.com/questions/2836381/easy-way-to-determine-what-content-is-not-delivered-using-a-secure-https-connect

Author

Commented:
The whynopadlock.com link on that page has told me that these are the cuplrits:
 - Insecure URL: http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js
 - Insecure URL: http://download.skype.com/share/skypebuttons/js/skypeCheck.js

Is it just as simple as making them https?
It could be that simple if those domains support SSL, but ideally you should download those script files and put them locally in a script folder on your site.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial