plain http image on https/ssl page = warning - image

I've found that plain http images on an https/ssl page can't be displayed without warnings. Is there any way to display a picture from another http:// web-site on your https:// web-site without warnings? (Suppose you have permission to display that picture on your web-site.)
Chrome puts a yellow triangle on the SSL lock: "...However, this page includes other resources, that are not secure..."
IE displays a warning when a page loads: "Do you want to view only the webpage content that was delivered securely?"
So, how can I display a picture on an https:// page if it is on another web server?

You can use the information in this article on Encosia. Basically you have to use a // syntax for your URLs in order to use the same protocol in all cases. For example, if you have an https request, the following
//ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js
will hit Google's CDN using the https protocol. However, if you don't have control over the other server, I think you're out of luck. If you do have control over the other server I'd recommend using the method described in the article above by allowing your content server to serve both protocols.

Related

728x90 Ad Size not showing ads on https

We're in the middle of switching our website from http to https.
Our ads seem to be working on the https version of the website, we use DFP and we bring in competition via PreBid.
But for whatever reason, our 728x90 ads are always showing as house ads, whereas the 300x250, 320x250, and 300x600 ads are correctly working and showing ads.
Any idea why on the secure version of our website, the 728x90 ads wouldn't be working?
There is no generic response for that situation. There are too many possible issues.
The first thing you need to do is to:
Create a simple HTML file with the 728x90 slot inside it and of course the JavaScript code to call DFP.
Open this HTML file with Chrome.
Use the F12 key to open Chrome DevTools.
Check the Console.
For any unsecured resources, Chrome displays a “Mixed Content” message in the Console. Some text will be in red or yellow.
Red: Errors that indicate the resource was blocked.
Yellow: Warnings that should be fixed.

Internet Explorer does not load images cross domain (https)

this is an updated question:
I am trying to include a picture on an external server.
PROBLEM HERE: my home website is using https:// and the picture on the external server is just http. The picture is fine (tested) but IE seems not to allow access to http:// sources when on an https:// website.
I am looking for HTML or JavaScript code to allow access for loading pictures from another domain WHEN my home domain is HTTPS and my external domain is HTTP.
thanks
Klaus
I'm afraid this is a feature of the browser. When you enter a page like this on IE and some other browsers, it will give the user the option to disallow "unsecured" elements on the page (this includes elements served over HTTP); and will not display them. Your page cannot override the user's action.

How does Google Instant change the referer sent by the browser?

If you click on a result in Google Instant, the referer sent by your browser to the destination website contains a bunch of parameters, including the all important q=[autocompleted query]
But you're coming from a page whose URL is simply http://www.google.com/ with a bunch of stuff after the # character, i.e. as an on-page anchor.
So the browser appears to be sending a URL as the referer which is different from the URL of the page that you were viewing when you clicked.
There doesn't seem to be an additional redirection, so how on earth do they do that?
Most of the time, a Google search result actually sends you to a Google redirect page rather than directly to the target page. They use JavaScript to switch the target of the link onmousedown as you click on it.
You can see this effect by click-and-holding on the search result link and watching your status bar.
This isn't specific to Google Instant, they've been doing it for quite a long time on their standard results pages.
The page anchor part of the URL can be manipulated client-side without a new request to the server. Even when talking about static anchor links (e.g. Section Foo), clicking on them does not cause a new request to be sent to the server; it is processed completely within the browser.
The JavaScript being used by Google to make Google Instant work is simply altering the anchor programmatically before making a request to the server.
What Google are you using?
My URL after searching is this:
http://www.google.es/#sclient=psy&hl=es&q=something+to+search&aq=f&aqi=g4g-o1&aql=&oq=&gs_rfai=&pbx=1&fp=b0....
It does include the q= part

Easy way to determine what content is not delivered using a secure HTTPS connection?

I have some pages that are sent via HTTPS. Internet Explorer sometimes complains about "This webpage contains content that will not be delivered using a secure HTTPS".
I looked in the html source to confirm all content calls (href, src, etc...) are sent via https. My CSS files use relative paths. But I'm still getting these warnings.
Is there an easy way to track down which items are not sent via HTTPS?
You could fire up Fiddler to see what exactly IE is requesting over regular HTTP.
In Fiddler's default configuration, HTTPS requests will show up with a lock and CONNECT as the host. HTTP requests will have a non-lock icon.
I usually use Firefox + Firebug (the "Net" tab) to find the offending request. You could also use Fiddler for this. (with any browser)
I've used the following site before - I find it easier than loading up Firebug / Fiddler.
http://www.whynopadlock.com/
You can use SslCheck
It's a free online tool that crawls a website recursively (following all internal links) and scans for unsecure content - images, scripts and CSS.
(disclaimer: I'm one of the developers)
In Google Chrome, similar to Firefox w/ FireBug, you can use the 'Network' tab of the Developer Tools console.
Open the Developer Tools console, go to the 'Network' tab, and reload the target page. Any warnings with the page, such as insecure content being loaded, will be indicated with the number of warnings and an 'alert' icon in the bottom right corner (Chrome v23.x). Click on the icon and a list of the warnings, in this case, the resources being loaded insecurely, will be displayed.
Using the following tools could help:
Firefox's Firebug - opening the Network tab shows you connection details for multiple resources.
Fiddler - acts as a sniffer and allows you to explore details of the connection.
using firefox - view generated source vs viewing source
there is probably a javascript file that is creating a div/iframe that is insecure
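An added example (not from any of the answers above) of the static check these answers and the DevTools "red/yellow" advice describe: it parses a page's HTML and lists every subresource requested over plain http, labelled as active (blocked), passive (warning) or CSS. The sample page and its host names are constructed; like viewing source, it does not see elements created by JavaScript at runtime.

```python
import re
from html.parser import HTMLParser

# Tags whose http:// loads are passive mixed content (warning); other fetches are active.
PASSIVE_TAGS = {"img", "audio", "video", "source"}
# (tag, attribute) pairs that trigger a subresource fetch; <a href> is navigation only.
FETCH_ATTRS = {("img", "src"), ("audio", "src"), ("video", "src"), ("source", "src"),
               ("script", "src"), ("iframe", "src"), ("embed", "src"),
               ("object", "data"), ("link", "href")}
CSS_URL = re.compile(r"url\(\s*['\"]?(http://[^'\")\s]+)", re.I)

class MixedContentScanner(HTMLParser):
    """Collects (kind, tag, url) for each subresource requested over plain http."""
    def __init__(self):
        super().__init__()
        self.findings, self._in_style = [], False
    def _css(self, text, tag):
        self.findings += [("css", tag, url) for url in CSS_URL.findall(text)]

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "").strip() for k, v in attrs}
        self._in_style = tag == "style"   # the <style> body arrives via handle_data
        if tag == "link" and "stylesheet" not in attrs.get("rel", "").lower():
            return                         # this example checks stylesheet links only
        for name, value in attrs.items():
            if name == "style":            # inline style="background:url(...)"
                self._css(value, tag)
            elif (tag, name) in FETCH_ATTRS and value.lower().startswith("http://"):
                kind = "passive" if tag in PASSIVE_TAGS else "active"
                self.findings.append((kind, tag, value))
    def handle_endtag(self, tag):
        self._in_style = False
    def handle_data(self, data):
        if self._in_style:
            self._css(data, "style")

def scan(html):
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page; every host name is a placeholder.
SAMPLE_PAGE = """<link rel="stylesheet" href="http://static.example.net/site.css">
<script src="//cdn.example.net/lib.js"></script><a href="http://example.org/">link</a>
<style>body { background: url('http://img.example.net/bg.png'); }</style>
<img src="http://img.example.net/photo.jpg"><img src="https://img.example.net/ok.jpg">
<div style="background:url(http://img.example.net/tile.gif)"></div>
<iframe src="http://ads.example.net/frame.html"></iframe>"""
```

Calling `scan(SAMPLE_PAGE)` returns six findings; the protocol-relative script, the https image and the ordinary link are not reported.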

get list of webpages that contain an image

How can I get a list of webpages that contain the image in question?
Photobucket has a stats option which lets you see what websites have embedded your image. How do they do that?
I'd assume photobucket checks the webserver logs, looking for the referer in any request for a specific image.
For any HTTP request, the browser also sends the so-called referer which contains the URL that "triggered" the request. If someone clicks on a link to webpage B in webpage A, the browser not only requests the linked webpage from the server of webpage B, but also sends the referer along, containing the URL of the "linking webpage" A. Same goes with images embedded in a webpage. The request for the image also contains the URL of the embedding webpage so the server can log which pages embed an image.
Of course, this could be suppressed by privacy tools in the user's browser, so the method would not be completely correct, but in most cases it's sufficient.
See also http://en.wikipedia.org/wiki/HTTP_referrer
My guess is that they're seeing what web pages are pulling the embedded image by parsing the server logs.
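An added example (not Photobucket's code, and not from the answers above) of the log analysis both answers describe: it reads access-log lines in Combined Log Format and counts the external pages whose Referer shows they embedded a given image. The log lines, paths and host names are constructed, and `embedding_pages` is a hypothetical helper name.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Combined Log Format:
# host ident user [time] "METHOD path proto" status bytes "referer" "user-agent"
LOG_LINE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

def embedding_pages(log_lines, image_path, own_host):
    """Return [(referring_page, hits)] for external pages that requested image_path."""
    pages = Counter()
    for line in log_lines:
        m = LOG_LINE.match(line.strip())
        if not m or m["path"].split("?")[0] != image_path:
            continue                      # unparseable line or a different resource
        referer = m["referer"]
        host = urlsplit(referer).hostname
        # "-" means the browser sent no Referer (e.g. privacy tools), so the
        # request cannot be attributed; requests from our own pages are skipped.
        if not host or host == own_host:
            continue
        pages[referer] += 1
    return pages.most_common()

# Constructed sample log; addresses and host names are placeholders.
SAMPLE_LOG = """
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /img/cat.jpg HTTP/1.1" 200 5120 "http://blog.example.org/post/1" "Mozilla/5.0"
203.0.113.6 - - [10/Oct/2023:13:56:02 +0000] "GET /img/cat.jpg HTTP/1.1" 200 5120 "http://blog.example.org/post/1" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:14:01:10 +0000] "GET /img/cat.jpg HTTP/1.1" 200 5120 "http://forum.example.net/t/42" "Mozilla/5.0"
198.51.100.8 - - [10/Oct/2023:14:02:44 +0000] "GET /img/cat.jpg HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2023:14:03:00 +0000] "GET /img/cat.jpg HTTP/1.1" 304 0 "http://images.example.com/gallery" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2023:14:03:05 +0000] "GET /img/dog.jpg HTTP/1.1" 200 100 "http://other.example.org/x" "Mozilla/5.0"
""".strip().splitlines()
```

Browsers whose default referrer policy is strict-origin-when-cross-origin send only the embedding site's origin on cross-site image requests, so the counts then group by site rather than by page.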
