: How to serve static content without https in a secure site? I want to serve static content from my site but my site is https-only. My static http server only serve http content (non https)

@Bryan171

I think you need to clarify your thinking because your question doesn't really make sense.

Static and secure are not mutually exclusive or even related to each other. You can have secure static content and non-secure non-static content. Secure just means it's encrypted (SSL, i.e., https). Static means it's not generated per-request for the client. These are two fundamentally different concepts.

If you're not mixing up your terminology, then I would ask why your secure server can't serve static content. My guess is that it does, so you just need to put your static content onto the secure server and then a browser won't complain about the mixed http/https content because it will all be https. If there is truly some technical limitation on the secure server that prevents it from serving static content (e.g., it can't even serve a CSS file), then yes, you should look at adding SSL to the other server you're using.

Vote Up Vote Down

@Dunderdale272

Internet Explorer and I think some other browsers will warn a user when the assets for a site using the https protocol are served from http. The first best solution is to allow your static asset server to serve secure content and have your site use a consistent protocol. The second best solution is going to be to create a page on your secure site that is a proxy, basically you need to create a dynamic page that calls the external page or asset, and returns it through that proxy. How that page is written depends on what dynamic programming language is available to you on the secure server.

Basically IE has a legitimate security issue with mixing protocols. It knows it can trust the https server, but does not trust the http one.

Vote Up Vote Down