I'm working on a project where i don't need the https protocol, so for this reason I would like to disable it on my workspace. I need just the normal http protocol
It is possible?
As you may have noticed, previews in C9 default to https. To view with http you'll need to pop-out the preview (diagonal double arrow next to URL) to a new tab and change to http.
Related
I am playing around the cloud9 IDE, the preview is using https, but I have some CDN resource embedded in the page which use http, this is a conflict so that my page does not work. But seems that cloud9 preview only support https. Can I change it to http?
Thanks
If you use the "pop-out" button on the preview pane the page will open in a new browser window. There you can easily change the protocol from https to http.
However it would be preferable to load the data over https if your CDN support that.
I am observing a website with Google Chrome and Fiddler version 4.4.
The page is using AJAX to update its data. I want to block a specific URL to test what will happen if it doesn't work.
What is the easiest way to block the URL?
What would you like to have happen?
Go to the AutoResponder tab. Tick Enable Automatic Responses and Unmatched requests pass through. Click the Add button. In the top box, enter http://example.com/yourURLisHere. In the box below it, select either 404_Plain.dat or choose *drop or *reset. The first returns a 404. The second just drops the connection if it sees the target URL. The third sends a TCP/IP RST packet if it sees the target URL.
We have an a HTTPS site that brings up a page from a different site of ours that’s HTTP.
In IE (9), we get the message at the bottom of the page:
“Only secure content is displayed. What’s the risk? [Show all content]”.
When the button is clicked, it closes the lightbox-ish control that's open and returns to the page it was overlaid on.
Does anyone know how to avoid this?
In the HTTP site’s page, one guy here had the idea to add, at the end of On_Load, the following to turn off cross-site scripting protection:
this.Response.Headers.Add("X-XSS-Protection", "0");
Both sites are C# / ASP.NET 4.0.
Thanks in advance!
Add the url to your trusted sites, it's the only way if you don't send all data through https.
Internet Options -> Security -> Trusted Sites -> Sites.
If this is something that needs to be company wide, I would recommend pushing out the rule via a group policy.
Alternatively, allow access the control using https on the other site (if you can) and reference that - the warning will disappear.
The real setting to enable here is to "Display mixed content" for the zone of the site you want. If the site is on your Intranet, you select Intranet zone in the Security settings, then Custom level. If it's an Internet site, you go there and go to Custom level.
There, you should see the "Display mixed content" setting, and simply select "Enable", then "OK" your way out of the dialogs.
Reference: https://www.mydigitallife.net/how-to-disable-only-secure-content-is-displayed-in-ie-always-show-all-mixed-content/
I've found the page that plain http images with a https/ssl page can't be displayed without warnings. Are there any way to display a picture from another http:// web-site on your https://web-site without warnings? (suppose you have a permission to display that picture on you web-site).
Chrome put a yellow triangle on SSL locker: "...However, this page includes other resources, that are not secure..."
IE displays a warning when a page loads: "Do you want to view only the webpage content that was delivered securely?"
So, how to display a picture on https:// page if it is on another web-server?
You can use the information on this article on Encosia. Basically you have to use a // syntax for your urls in order to use the same protocol in all cases. For example, if you have a https request, the following
//ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js
will hit google's CDN using the https protocol. However, if you don't have control over the other server, i think you're out of luck. If you do have control over the other server i'd recommend using the method described in the article above by allowing your content server to serve both protocols.
I have some pages that are sent via HTTPS. Internet Explorer sometimes complains about "This webpage contains content that will not be delivered using a secure HTTPS".
I looked in the html source to confirm all content calls (href, src, etc...) are sent via https. My CSS files use relative paths. But I'm still getting these warnings.
Is there an easy way to track down which items are not sent via HTTPS?
You could fire up Fiddler to see what exactly IE is requesting over regular HTTP.
In Fiddler's default configuration, HTTPS requests will show up with a lock and CONNECT as the host. HTTP requests will have a non-lock icon.
(source: josh3736.net)
I usually use Firefox + Firebug (the "Net" tab) to find the offending request. You could also use Fiddler for this. (with any browser)
I've used the following site before - I finding it easier than loading up firebug / fiddler.
http://www.whynopadlock.com/
You can use SslCheck
It's a free online tool that crawls a website recursively (following all internal links) and scans for unsecure content - images, scripts and CSS.
(disclaimer: I'm one of the developers)
In Google Chrome, similar to Firefox w/ FireBug, you can use the 'Network' tab of the Developer Tools console.
Open the Developers Tools console, go to the 'Network' tab, and reload the target page. Any warnings with the page, such as insecure content being loaded, will be indicated with the number of warning and an 'alert' icon in the bottom right corner (Chrome v23.x). Click on the icon and a list of the warnings, in this case, the resources being loaded insecurely, will be displayed.
Using following tools could help:
Firefox's FireBug . opening tab Network shows you connection details to multiple resource
Fiddler - acts as sniffer allows you explore details of connect.
using firefox - view generated source vs viewing source
there is probably a javascript file that is creating a div/iframe that is insecure