• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 553
  • Last Modified:

Why would this code make a "secure content" window appear?

I've got a little window with this code in it:

echo "Hello";

That's it! And yet, I get that pesky little box that says if I only want to watch the material that's been delivered securely.

In the past, I would just systematically remove everything that add it back incrementally to narrow down the content that was being perceived as "unsecure." Here it's different though because I'm only running the code that you see above.

What can I do to make it more secure so my user doesn't get that dialog box? What content is not secure?
3 Solutions
Dave BaldwinFixer of ProblemsCommented:
Are you linking to that with 'https'?  Is that the whole page (not a valid page) or just part of a page?
Garry GlendownConsulting and Network/Security SpecialistCommented:
Sounds to me like the content is delivered via https but without an officially signed certificate ... which browser is being used?
Ray PaseurCommented:
Please post the URL of that page, thanks.
What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

Dave HoweCommented:
In a normal example, that would not happen.
If it *is* happening, that usually indicates that the source as received isn't what you are sending - so I would advise accepting the dialogue and saying you wish to see *all* content (secure and insecure), then using "view source" on the browse to see what you are actually receiving. it sounds like someone or something is injecting other code (maybe an ad?) into your stream, and hence, confusing the issue.
Ray PaseurCommented:
someone or something is injecting...
Very good point.  Maybe your server has been hacked!  Please post the URL so we can see the issue in action, thanks.
Dave HoweCommented:
@Ray: The majority of the time, servers with injection aren't "hacked" - they are either free hosting solutions that inject if the client doesn't include their ads manually, or ISP based interceptors such as phorm who are monitoring content for marketing purposes (and injecting ads that way).

Or TLAs of course but those usually don't mess up this badly, and/or its paranoia to think they will be intercepting your very first "hello world!" php app :)
Ray PaseurCommented:
Hmm... Maybe the clue is here:
I've got a little window ...
That might seem to imply that the little window came from a "bigger" window?  Maybe the bigger window is opening a popup and the popup is sending content from a PHP script that is not behind HTTPS.  But instead of speculating, it would be so much easier to figure this out if we could get the URL and see it in action!

Standing by, ~Ray
Dave HoweCommented:
I am assuming he means the standard browser "mixed content" popup, which you get if there is http content on a https page and so forth.
Its possible its something else, but occams razor and all that...
brucegustAuthor Commented:
Hey guys!

I got if figured out.

The problem was that the, "little window" was in fact part of a larger equation that was sitting on a secure server. The URL of the window, however, was http which was throwing things off. When I changed the URL to https, the world was suddenly transformed into a happy place.

Thanks for the input!

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now