I want to make a Wordpress site fully HTTPS Everywhere - but have a number of plugins installed, do I need to make sure that all my external links use href https too?
Only things you have on the site - like images from third party sites etc need to be https. Like Instagram pictures for example. If you are simply linking out to another site then that does not matter. If you use chrome you will see a green padlock if everything is working properly.
Related
We have a HTTPS website and I need to display a HTTP website (any external website) into my page. The website used iframe for displaying it. We realised that it doesn't work in mozilla firefox. We are getting a "mixed content" error. I am searching for an alternative to iframe now. I understand that it makes no sense to bypass the security warning. We also do not want to change any browser settings as it is possible that all the users may not have permissions to change browser settings. Using tags like <embed> or redirecting in <div> tag also gives the same problem.
Is there any way to do this in C# code and not using HTML and scripting.
Response.redirect() does not work in our application. I do not have a problem if the page is redirected but I prefer a dialog/popup window for the external website to display.
This is simply a security consideration. Your HTTPS site is not truly safe when using mixed content.
Use HTTPS for your external site, period.
As Mozilla suggests:
The best strategy to avoid mixed content blocking is to serve all the content as HTTPS instead of HTTP.
I like that Flash CC 2015 Canvas uses CreateJS, however it's not working in doubleclick as the CDN serving the .js files is being served http and doubleclick needs it to be served as https.
Is create JS aware of this and do they have updated CDN links that we can use when uploading html5 creative to doubleclick, sizemek or other ad networks?
Asset is not SSL-compliant. The following resources are
non-compliant: http://code.createjs.com/easeljs-0.8.1.min.js
http://code.createjs.com/tweenjs-0.6.1.min.js
Did you try removing the scheme http? All should be left is //code.createjs.com/easeljs-0.8.1.min.js. I got a similar complaint.
The security trick is to make all the http:// calls into https://. Just add the s.
Doubleclick now hosts CreateJS on their own CDN: https://support.google.com/richmedia/answer/6307288
Due to the irruption of RTB and Big Ad inventories, non secure protocol url are not allowed.
So, as said you could do both: // or http://
Also, for AdServers, many of them do not accept Folder structure. CreateJS creates an "image" folder for the assets, It is better if you have every asset at root level.
I am running a site. Some of its pages are not working in Firefox, but work perfect in Chrome. In Firefox it shows me a gray shield next to the URL and when I click on that shield and manually click on disable protection on this page then my page works fine. So now the problem is that there are many users on my site, and some of them don't know how to do it so I want to handle it on my site so its users don't need to do that.
How can I do it? I Googled and found a setting of Firefox in about:config named security.mixed_content.block_active_content. If we set it to false then it works. So is there a way to do it programmatically or other way so that users just view that page without seeing that shield?
As I understand it, content that is blocked by default by Firefox now is http content that is accessed from an https page. Common types of content that fall foul of this are external stylesheets and images.
As far as I am aware the way to prevent the problem on your site is to make sure that if a page is served by https, any and all other files that it references are also served by https.
Hi Friends,
The reason you see this error in Mozilla Firefox is because your
website is a Mixed Box that is, your website has many internal links
which are not SSL protected.
In order to avoid this error from showing up in Mozilla Firefox you
will have to make sure all the internal links on your website are SSL
protected.
So, Use https:// in your page not http://
I hope I was clear enough in answering your query.
firefox has blocked content that isn't secure means there are some contents on your website are not secure.
I had same issue as my fonts were downloading with http://google.apis.something instead of https
Then I change to //google.apis.something and problem get solved.
To know what is not secure in you website use this link
I'm doing an iPhone version of a desktop site that includes a blog. The blog often embeds images from other domains (the image URLs always start with http:// in this case, obviously), but because I'm using cache-manifest, these images don't load because they aren't declared in the manifest file.
I have a NETWORK: whitelist section that has all of my AJAX request files, etc. I've even whitelisted the flickr farm domains because a lot of the images we add to the blog come from our flickr page. The flickr images show up just fine, but any other "random" image hotlinks from another domain show broken.
I tried adding a line like this:
http://
to the NETWORK: section, but it doesn't seem to like http:// as a whitelist.
Does anyone have any thoughts on this?
Thanks!
Alex
just add the "online whitelist wildcard flag" to your manifest:
NETWORK:
*
that should do the trick! more info on the whatwg spec page
hope this helps!
I think I've got a workaround. What if you created a simple server-side file (remoteResource.php) that you could reference like this:
remoteResource.php?resource=http://somewhere.com/remote/image.jpg
The PHP (or whatever server side language you're using) could just cURL in the remote resource and send it unmodified to the browser. Then, whitelist that file.
I haven't tested this because the environment I'm working with doesn't have cURL installed (ugh) but I don't see why it can't work.
Lets just say that I wanted to be extra careful with the website I'm visiting (irrespective of whether the site is offered in https) and wanted to convert every href in the web page received into its https equivalent.
Is there a way/add-on to do this ? or do I have to write my own :(
As Paul said, most sites will break if you do this. However, if you wanted to do something similar to this (grabbing all the links on a page and doing something to them), a Greasemonkey script would be easier and quicker than writing a Firefox add-on.
You can't just point all links to https, most of them will break, and secure sites will redirect you to https anyway.