this is an updated question:
I am trying to include a picture on an external server.
PROBLEM HERE: my home website is using https:// and the picture on the external server is just http. The picture is fine (tested) but IE seems not to allow to access http:// sources when on a https:// website.
I am looking for html or javascript code to allow access for loading pictures from other domain WHEN my home domain is HTTPS and my external domain is HTTP
thanks
Klaus
I'm afraid this is a feature of the browser. When you enter a page like this on IE and some other browsers, it will give the user the option to disallow "unsecured" elements on the page (this includes elements served over HTTP); and will not display them. Your page cannot override the users' action.
Related
I have been working on a website www.xyz.com which is hosted on some server. I have been loading forms & contents from www.abc.com using I Frame which is hosted on Azure. We have now decided not to use I Frames and to load the content from www.abc.com using Jquery AJAX. Now the abc.com is providing me the UI page fragment for my forms and contents from Azure blob storage in form of .html file or .txt file. If i try to do a normal AJAX call for the HTML or TXT file path, i can the see the content coming in the Response tab of that URL but the code does not enters the Success template and hence i am unable to modify or access the content.
Please suggest
You can use Application Request Routing (ARR) for this. This is a module you can install in IIS which also works in Windows Azure.
The following image illustrates how ARR works. An incoming request is intercepted and based on a set of rules the request is forwarded (for you this will be to xyz.com) and the response is the served back to the user. Even though this illustration explains the principle with sub directories, it can also be applied on the full site.
I have a QR code image that's embedded from the Google Charts API. Recently it stopped working, but I haven't changed anything in my code.
Here's the page (note the broken images): [redacted]
As you can see, the images are embedded as http:// but when they are loaded, they're redirecting to the https:// URL on the google domain, which is broken.
Why is this redirect happening?
Edit: forgot to add -- what's even stranger is that if you view the image in a new tab, then change http to https (in effect, making the url the exact one that was originally requested),
it loads fine.
Edit #2 removed the link to my test site, as I've fixed the problem.
Turns out the google charts domain has changed. The new one is:
https://chart.googleapis.com
do not use
http://chart.apis.google.com
I’ve created a welcome tab for a Page. When I set the Page Tab URL to pull content from http://journalism.unr.edu/facebook/welcome/, the tab comes up blank. But when I uploaded a copy of the content to a free 000webhost.com hosting account at http://rsj.netii.net/welcome/, and used that address as the Page Tab URL, the content loads just fine. What I want to know is, why?
I’ve experimented with pulling content from other URLs into my page tab:
yahoo.com - works
google.com - doesn’t work
unr.edu - works
journalism.unr.edu - doesn’t work
unr.edu/engineering - doesn’t work (shows error message: “The page cannot be displayed. The page you are looking for cannot be displayed because an invalid method (HTTP verb) was used to attempt access.”)
Does anyone know why page tabs/iframe apps load content from some domains but not others? Can anyone tell me how to fix the journalism.unr.edu web server (I have access to it, I work for the journalism school) so that page tabs can load content from it? We’d like to be able to pull content straight from our website without having to copy it over to a free hosting account.
I'm not sure what is the problem with http://journalism.unr.edu/facebook/welcome/
But I cannot even get it to load inside of an iframe. Maybe there's some restriction setup in the hosting or server that servers that site. Or maybe a more complex issue with the server not allowing it to be iframed from a different host domain.
Simple to test, just make an html page like.
<html>
<body>
<p>I hope it loads</p>
<iframe src="http://journalism.unr.edu/facebook/welcome/" width="400" height="300"></iframe>
</body>
</html>
Also: "unr.edu/engineering - doesn’t work (shows error message: “The page cannot be displayed. The page you are looking for cannot be displayed because an invalid method (HTTP verb) was used to attempt access.”)"
That one is because you're pointing to a resource on the server that does not allow HTTP POSTs.
I've found the page that plain http images with a https/ssl page can't be displayed without warnings. Are there any way to display a picture from another http:// web-site on your https://web-site without warnings? (suppose you have a permission to display that picture on you web-site).
Chrome put a yellow triangle on SSL locker: "...However, this page includes other resources, that are not secure..."
IE displays a warning when a page loads: "Do you want to view only the webpage content that was delivered securely?"
So, how to display a picture on https:// page if it is on another web-server?
You can use the information on this article on Encosia. Basically you have to use a // syntax for your urls in order to use the same protocol in all cases. For example, if you have a https request, the following
//ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js
will hit google's CDN using the https protocol. However, if you don't have control over the other server, i think you're out of luck. If you do have control over the other server i'd recommend using the method described in the article above by allowing your content server to serve both protocols.
I have some pages that are sent via HTTPS. Internet Explorer sometimes complains about "This webpage contains content that will not be delivered using a secure HTTPS".
I looked in the html source to confirm all content calls (href, src, etc...) are sent via https. My CSS files use relative paths. But I'm still getting these warnings.
Is there an easy way to track down which items are not sent via HTTPS?
You could fire up Fiddler to see what exactly IE is requesting over regular HTTP.
In Fiddler's default configuration, HTTPS requests will show up with a lock and CONNECT as the host. HTTP requests will have a non-lock icon.
(source: josh3736.net)
I usually use Firefox + Firebug (the "Net" tab) to find the offending request. You could also use Fiddler for this. (with any browser)
I've used the following site before - I finding it easier than loading up firebug / fiddler.
http://www.whynopadlock.com/
You can use SslCheck
It's a free online tool that crawls a website recursively (following all internal links) and scans for unsecure content - images, scripts and CSS.
(disclaimer: I'm one of the developers)
In Google Chrome, similar to Firefox w/ FireBug, you can use the 'Network' tab of the Developer Tools console.
Open the Developers Tools console, go to the 'Network' tab, and reload the target page. Any warnings with the page, such as insecure content being loaded, will be indicated with the number of warning and an 'alert' icon in the bottom right corner (Chrome v23.x). Click on the icon and a list of the warnings, in this case, the resources being loaded insecurely, will be displayed.
Using following tools could help:
Firefox's FireBug . opening tab Network shows you connection details to multiple resource
Fiddler - acts as sniffer allows you explore details of connect.
using firefox - view generated source vs viewing source
there is probably a javascript file that is creating a div/iframe that is insecure