Which webmaster's tool can I use to check which files cause my URL to be marked as unsafe?
I reference two scripts with HTTP and I changed that for HTTPS, but I still get the error.
Any checklist I can reference?
Tips Appreciated.
You could use the network tab in the developer panel on your browser (F12). Reload your page and you could easily see which request in not safe.
Related
Here is an image to show better the network tab and console details
I inadvertently clicked a few wrong buttons and now my Content-Security Policy has changed and I am unable to make any GET calls on localhost. It refuses to load any information at all.
I have tried to find a solution but nothing seems to work.
I am using the Firefox browser. I can provide further information. However, I am stuck at this point with these changes.
The following are my current Content Security Policy settings.
There was something wrong that I couldn't figure out so I reset my Firefox settings to default and that has resolved the situation.
I've succesfully installed Jmeter and setup the recording. I added the next config elements: HTTP Cookie Manager, HTTP Cache Manager with clear cache every iteration enabled. I'm using Firefox and Jmeter is recording everything that I do in the browser.
But I have one problem: when I go to pinterest.com I receive a white page with black text. Every other website is working like it suppose, but I want to test only Pinterest. When I try to setup a new account...the same: white page with black text. Something is not loading correctly and I don't know what.
Can someone help me with a hint?
When you to through the proxy, your browser doesn't trust HTTPS traffic anymore, because the proxy replaces the certificates. If your page is a HTTP page that uses HTTPS resources like Style Sheets or JS files, you get what you're describing - a plain black text site on white background - where graphic buttons don't work anymore.
If you use firebug to inspect your traffic, you will see the resources that are not loading because of HTTPS certificate issues. You can either add exceptions to your browser to load these resources, or as #aleix suggested you can use a browser plugin like Blazemeter to record scripts without going through a proxy.
See here for more information.
Thank you all for answering to my problem. I've resolved the issue by importing manually the certificate created by Jmeter in his bin folder to Firefox.
It was, indeed, a https certificate problem, but I'd managed it because of your feedback.
Try blazemeter extension for chrome, is a recorder http request like proxy server of JMeter, and maybe it wil allow you to record correctly in pinterest
I am running a site. Some of its pages are not working in Firefox, but work perfect in Chrome. In Firefox it shows me a gray shield next to the URL and when I click on that shield and manually click on disable protection on this page then my page works fine. So now the problem is that there are many users on my site, and some of them don't know how to do it so I want to handle it on my site so its users don't need to do that.
How can I do it? I Googled and found a setting of Firefox in about:config named security.mixed_content.block_active_content. If we set it to false then it works. So is there a way to do it programmatically or other way so that users just view that page without seeing that shield?
As I understand it, content that is blocked by default by Firefox now is http content that is accessed from an https page. Common types of content that fall foul of this are external stylesheets and images.
As far as I am aware the way to prevent the problem on your site is to make sure that if a page is served by https, any and all other files that it references are also served by https.
Hi Friends,
The reason you see this error in Mozilla Firefox is because your
website is a Mixed Box that is, your website has many internal links
which are not SSL protected.
In order to avoid this error from showing up in Mozilla Firefox you
will have to make sure all the internal links on your website are SSL
protected.
So, Use https:// in your page not http://
I hope I was clear enough in answering your query.
firefox has blocked content that isn't secure means there are some contents on your website are not secure.
I had same issue as my fonts were downloading with http://google.apis.something instead of https
Then I change to //google.apis.something and problem get solved.
To know what is not secure in you website use this link
I'm trying to copy the mixed content feature of chrome into firefox. What I've got so far is to block all non-https requests on a site that is https. The problem is that navigation is treated the same as resources. Specifically, once on an https website, I can't navigate away from the site because the non-http request to navigate away is being rejected due to my code.
How do I see the difference between navigation and resource requests?
Well, I couldn't find an answer specifically to my question, but through other roots my friend was able to get the same solution. Resources that were useful follow:
https://developer.mozilla.org/en-US/docs/XPCOM_Interface_Reference/nsIContentPolicy
2:40 AM
https://developer.mozilla.org/en-US/docs/XPCOM_Interface_Reference/nsICategoryManager
2:41 AM
https://developer.mozilla.org/en-US/docs/XUL_School/Intercepting_Page_Loads#Content_Policy
I am developing web pages which reference external links/images/stylesheets etc. I have 1 page which loads fine in HTTPS, but then when I apply different external styles, some of the external styles cause a warning "Contains unauthenticated content"
Don't get me wrong, I understand WHAT this means, but I can't see any reference to any HTTP requests in View source, Firebug, Live HTTP Headers or in the View Page Info > Media window.
Does anyone have any tips or ideas of plug ins or tools which can identify exactly which items Firefox is not happy with?
Unfortunately this page is not live on the internet so I can't show it to you.
Thanks
You could, theoretically, use a proxy that just logs all requests and redirects them to the server. Of course, that is a very roundabout way of doing this :)
I have used Proxomitron and this showed the file!
Use FireFox to see the media assets. Click on the lock on the Status Bar when you are on a secure page, then Media.