|
Home > Archive > IIS Server Security > July 2007 > HTTPS - Mixed content warning
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
HTTPS - Mixed content warning
|
|
| thepisu@gmail.com 2007-06-26, 7:17 am |
| Hi, I've set up a website to use HTTPS SSL connection. It works right,
except that at loading of the main frameset, IE show up a warning:
"the page contains protected and non protected objects"; so the user
have to click "Yes", and the SSL symbol disappears from the browser...
I've searched over frameset and frame HTML, but there is no reference
to HTTP content.. How can I find the item presenting the problem???
Many thanks...
| |
| Bernard Cheah [MVP] 2007-06-28, 1:23 am |
| Argghh, search all src reference of images, etc.
another way I can think off is via the IIS log file.
look for non port 443 request, or port 80 request within those 443 log
entries.
--
Regards,
Bernard Cheah
http://www.iis.net/
http://www.iis-resources.com/
http://msmvps.com/blogs/bernard/
<thepisu@gmail.com> wrote in message
news:1182842642.080607.290430@n60g2000hse.googlegroups.com...
> Hi, I've set up a website to use HTTPS SSL connection. It works right,
> except that at loading of the main frameset, IE show up a warning:
> "the page contains protected and non protected objects"; so the user
> have to click "Yes", and the SSL symbol disappears from the browser...
>
> I've searched over frameset and frame HTML, but there is no reference
> to HTTP content.. How can I find the item presenting the problem???
>
> Many thanks...
>
| |
| Roger Abell [MVP] 2007-06-28, 7:26 am |
| Pull the page up in IE and then look at the IE cache (IE, Internet Options,
General tab, Browsing History - Settings, Show Files and Show Objects)
and sort by last accessed.
<thepisu@gmail.com> wrote in message
news:1182842642.080607.290430@n60g2000hse.googlegroups.com...
> Hi, I've set up a website to use HTTPS SSL connection. It works right,
> except that at loading of the main frameset, IE show up a warning:
> "the page contains protected and non protected objects"; so the user
> have to click "Yes", and the SSL symbol disappears from the browser...
>
> I've searched over frameset and frame HTML, but there is no reference
> to HTTP content.. How can I find the item presenting the problem???
>
> Many thanks...
>
| |
| thepisu@gmail.com 2007-06-28, 7:26 am |
| Damn! In browser cache all files are addressed with "HTTPS", and in
IIS Log, all files (pages, images, JS, CSS..) are all server by port
8091, that is the port I set to be HTTPS...
The warning appears only in Internet Explorer, tried IE6 and 7 (does
not appear in Firefox), when the main page are loaded (that contains
an iframe javascript-driven, that appears to be also server with
HTTPS).
I'm going crazy... 
On 28 Giu, 08:51, "Roger Abell [MVP]" <mvpNoS...@asu.edu> wrote:
> Pull the page up in IE and then look at the IE cache (IE, Internet Options,
> General tab, Browsing History - Settings, Show Files and Show Objects)
> and sort by last accessed.
>
| |
| thepisu@gmail.com 2007-06-28, 7:26 am |
| Problem resolved! I am using the javascript library YUI-EXT (now
Ext.js), and I have to set the variabile YAHOO.ext.SSL_SECURE_URL to
point a blank file:
YAHOO.ext.SSL_SECURE_URL='/js/images/blankfile';
http://www.yui-ext.com/manual/faq
IE is so strange... how can he found "java script:false" a non-secure
url???
On 28 Giu, 12:07, thep...@gmail.com wrote:[vbcol=seagreen]
> Damn! In browser cache all files are addressed with "HTTPS", and in
> IIS Log, all files (pages, images, JS, CSS..) are all server by port
> 8091, that is the port I set to be HTTPS...
>
> The warning appears only in Internet Explorer, tried IE6 and 7 (does
> not appear in Firefox), when the main page are loaded (that contains
> an iframe javascript-driven, that appears to be also server with
> HTTPS).
>
> I'm going crazy...
>
> On 28 Giu, 08:51, "Roger Abell [MVP]" <mvpNoS...@asu.edu> wrote:
>
| |
| Bernard Cheah [MVP] 2007-07-02, 1:21 am |
| @@ glad you figured out.
--
Regards,
Bernard Cheah
http://www.iis.net/
http://www.iis-resources.com/
http://msmvps.com/blogs/bernard/
<thepisu@gmail.com> wrote in message
news:1183026304.158955.114930@k29g2000hsd.googlegroups.com...
> Problem resolved! I am using the javascript library YUI-EXT (now
> Ext.js), and I have to set the variabile YAHOO.ext.SSL_SECURE_URL to
> point a blank file:
>
> YAHOO.ext.SSL_SECURE_URL='/js/images/blankfile';
>
> http://www.yui-ext.com/manual/faq
>
> IE is so strange... how can he found "java script:false" a non-secure
> url???
>
> On 28 Giu, 12:07, thep...@gmail.com wrote:
>
>
|
|
|
|
|