: HTTPS. Solution for "This page is trying to load scripts from unauthenticated sources" from third-party sources I've got a website using third-party JavaScript scripts, from Google AdSense (to show
I've got a website using third-party JavaScript scripts, from Google AdSense (to show ads), Google Analytics (to track visits), Google Maps (to show maps) or Facebook (to allow users leave comments).
I'm trying to implement HTTPS, but I've noticed that my pages, which now are SSL secured, include these not-SSL scripts. So, web browsers like Chrome are showing the "This page is trying to load scripts from unauthenticated sources" message and avoiding users to see the contents of these scripts, so AdSense ads are not being shown.
I wondered if the solution is as easy as changing the URL of the scripts, from 'http' to 'https', or you guys have used another smarter solution.
Thank you very much in advance.
More posts by @Goswami781
1 Comments
Sorted by latest first Latest Oldest Best
You can try this:-
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests" />
Or
<meta http-equiv="Content-Security-Policy" content="block-all-mixed-content" />
Paste it in <head>...</head> tags.
The HTTP Content-Security-Policy (CSP) block-all-mixed-content directive prevents loading any assets using HTTP when the page is loaded using HTTPS.
All mixed content resource requests are blocked, including both active and passive mixed content. This also applies to <iframe> documents, ensuring the entire page is mixed content free.
The upgrade-insecure-requests directive is evaluated before block-all-mixed-content and If the former is set, the latter is effectively a no-op. It is recommended to set one directive or the other – not both.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.