Mobile app version of vmapp.org
Login or Join
Pope3001725

: How to prevent browser to block mixed content (http content in a https site) I'm installing SSL in many websites, almost all of those don't give me any problem at all, but some of them do.

@Pope3001725

Posted in: #Content #Http #Https

I'm installing SSL in many websites, almost all of those don't give me any problem at all, but some of them do.

One of the sites uses a 3rd party weather script on a remote server that does not use
EDIT:
My website is not detected as insecure page, instead, it loads without any problem but browsers blocks the widget, so it doesn't print any content (it should print an iframe)

10.02% popularity Vote Up Vote Down


Login to follow query

More posts by @Pope3001725

2 Comments

Sorted by latest first Latest Oldest Best

 

@Annie201

There is another solution - as mentioned here on the Google developers site
Short: you could either use upgrade-insecure-requests - which will result in the non-https widgets not being displayed (quote:if the resource is not available over HTTPS, the upgraded request fails and the resource is not loaded. This maintains the security of your page)- it's not supported by all browsers however.
Alternative is to use block-all-mixed-content - which will block all insecure content (even if it's inside an iframe) - not very sure about browser support.

Haven't used either one - but could be worth checking.

10% popularity Vote Up Vote Down


 

@Turnbaugh106

Sorry to be the bearer of bad news but the issue is with your site and there's no way to prevent a obviously intended notification. The notification informs users that the site is not fully secure, which its not if you are using 3rd party scripts over HTTP. If you want to solve the problem then you must use on all local and external resources.

So if you want users knowing that your site is fully secure and you want Google to reward a bit of SEO value to the site because of it, then you must either have them upgrade to SSL or ditch the widget all together... there is no workaround for this issue... Also rather than using you should opt to use //example.com/image.jpgif the site is accessible via both protocals.

Your three options are:


Remove the widget.
Accept the notification
Ask them to upgrade the API service to HTTPS.

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme