I've included mini-profiler in my app. It loads great on standard http pages, but over SSL I get the following warning
page was loaded over HTTPS, but requested an insecure script 'http://mydomain/mini-profiler-resources/includes.js?v=xyz
Is there a setting or other type of configuration I can use to get this to load over HTTPS?
Related
I use apache on my localhost for hosting sites that I'm working on.
I've started using firefox.
When I'm working locally on a website I don't set up SSL.
When I try to load my local site in firefox, firefox attempts to load the site with a 'https' prefix. This happens if I omit the protocal part of the URI, or if I explicitly type in 'http'.
Of course my site doesn't load. SSL is not enabled on the site.
How can I stop firefox from trying to redirect?
btw - the site itself consists of a single text file with the word 'hello' in that file.
There is no js or serverside logic implementing the redirect.
So I get the following error in Chrome console:
Mixed Content: The page at 'https://your-username.github.io/' was
loaded over HTTPS, but requested an insecure stylesheet
'http://yui.yahooapis.com/pure/0.6.0/pure-min.css'. This request has
been blocked; the content must be served over HTTPS.
Basically the yahoo pure library is being served over HTTP. Is the only solution simply to download it and link to it in a "relative directory" format from my index.html page (e.g., "./pure-min.css")?
As suggested in this issue, try instead
replacing all occurrences of http://yui.yahooapis.com with https://yui-s.yahooapis.com.
You can see it used in this YUI Library Examples: ProfilerViewer Control.
I try to use the skyscanner Widget on an SSL page. SSL is provided by cloudflare.
Now I am getting the "Loading insecure resource on secure page error" and the Widget is not loaded.
See https://www.addismap.com/
vs. http://www.addismap.com/
I am Loading the Widget already via HTTPS but it tries to load parts via HTTP. Probably a bug?
The documentation has been updated to include instructions of how to host the Widget in a page using SSL.
http://business.skyscanner.net/portal/en-GB/Documentation/WidgetsStart
Specifically, include the ssl=true GET parameter in the <script> tag.
Disclaimer: I'm a Skyscanner employee.
You need to load the widget over HTTPS.
Blocked by browser
I have problems with setting up goals in Google Analytics. There are a few bugs in the order page, which I think are causing the problem. With the help of GA debug extention I managed to reach the following errors (5) and warnings (4):
(Here are only the errors, unfortunately 2 as I am not allowed to post more than two links)
-> Mixed Content: The page at ''https://www.xxx.de/de/xxx/'' was loaded over HTTPS, but requested an insecure script 'http://delivery.fpmserving.com/tag.php?tag_id=53&campaign_id=32'. This request has been blocked; the content must be served over HTTPS.
-> Mixed Content: The page at 'the same as above' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'the same as above'. This request has been blocked; the content must be served over HTTPS.
Furthermore, the Page source could not load.
Is there any way that I could remove this insecure script? And make sure that the content is served over HTTPS?
PS: I am not a Developer and unfortunately I am not really familiare with HTML and HTTPS, although I try to inform myself!
I'm trying to enable HTTPS support in my app before the October deadline, but the JavaScript call FB.getLoginStatus never calls my callback.
I'm using OAuth2.0, and I added the channelUrl parameter.
This works fine in HTTP mode.
FireFox is reporting no security warnings during page load, all files appear to be correctly served via HTTPS, and all references in the html/js code appear to be updated to point to https:// instead of http:// (including the channelUrl file).
What else can cause the getLoginStatus to not return?