Mobile app version of vmapp.org
Login or Join
Goswami781

: HTTPS. Solution for "This page is trying to load scripts from unauthenticated sources" from third-party sources I've got a website using third-party JavaScript scripts, from Google AdSense (to show

@Goswami781

Posted in: #Https #Javascript

I've got a website using third-party JavaScript scripts, from Google AdSense (to show ads), Google Analytics (to track visits), Google Maps (to show maps) or Facebook (to allow users leave comments).

I'm trying to implement HTTPS, but I've noticed that my pages, which now are SSL secured, include these not-SSL scripts. So, web browsers like Chrome are showing the "This page is trying to load scripts from unauthenticated sources" message and avoiding users to see the contents of these scripts, so AdSense ads are not being shown.

I wondered if the solution is as easy as changing the URL of the scripts, from 'http' to 'https', or you guys have used another smarter solution.

Thank you very much in advance.

10.01% popularity Vote Up Vote Down


Login to follow query

More posts by @Goswami781

1 Comments

Sorted by latest first Latest Oldest Best

 

@Turnbaugh106

You can try this:-

<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests" />


Or

<meta http-equiv="Content-Security-Policy" content="block-all-mixed-content" />


Paste it in <head>...</head> tags.

The HTTP Content-Security-Policy (CSP) block-all-mixed-content directive prevents loading any assets using HTTP when the page is loaded using HTTPS.

All mixed content resource requests are blocked, including both active and passive mixed content. This also applies to <iframe> documents, ensuring the entire page is mixed content free.

The upgrade-insecure-requests directive is evaluated before block-all-mixed-content and If the former is set, the latter is effectively a no-op. It is recommended to set one directive or the other – not both.

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme