On mobile when you go to a city page like this https://www.heritagecremationprovider.com/cremation-services-costs/kansas/bendena
where the browser offers a reader mode the site gets a triangle warning at the top saying that the page is insecure even though for anywhere else outside of reader mode the site has the padlock secure
picture of the triangle warning
picture two of chrome security page from reader mode
Related
I'm working on a test site (not publicly accessible).
It has a valid certificate and when I visit a certain page it shows as secure in chrome...
When I refresh the same page, it shows the security info i icon.
On the security tab in dev tools it says there's mixed content (no other issues)
When I reload the page with the security tab enabled there are no mixed content issues.
The page always shows secure in Firefox.
Does anyone know what causes chrome to show the security info icon, only on reload, and not when the dev tools are open?
I've found a page on another website where this is happening...
https://www.volkswagen.co.uk/financeCalculator/generateDefaultCalculation?modelId=1997
If you go to that link ^^^
It shows secure
Hit refresh
It shows insecure
Open dev tools security tab
It says it's got mixed content
Refresh to get details of mixed content
Page shows as secure.
The VW page you linked to does serve its favicon over http which is the reason for Chrome showing the security info icon.
You may have a plugin/extension on Chrome that injects http links and messes with the overall result regarding mixed content.
To check this you can go to the network tab in developer tools and search links that start with http://
Is it possible to create a Chrome shortcut that will launch a web app in such a way that users will not be able to view or access the URL of the web app via Chrome, e.g., via the address bar, status bar, developer tools, etc. If not, would it be possible if I packaged the web app as a Chrome app? I should note that I am not concerned about the shortcut itself containing the URL, e.g., in its "Properties", because I already have an executable will which launch the shortcut. All I care about is the user not being able to view the app from within Chrome itself once the app has been launched, at least not easily.
I have tried adding Chrome flags/switches, namely, kiosk mode, fullscreen mode, and app mode, but none of them work 100% as needed. Kiosk and fullscreen modes will launch as such only if no other instances of Chrome are open; if another instance of Chrome is already open, both modes will launch in a regular view mode in which users can see the URL in the address bar. App mode (I added "--app=http://www.example.com" to the end of the "Target" property of the shortcut) is promising because it launches with no browser chrome, but I notice that if I refresh the page while in app mode, I can see the URL both in the top window bar and the bottom-left status bar. Also, app mode doesn't prevent the user from opening Developer Tools, which makes viewing the URL trivial.
Any ideas welcome!
So I have a strange situation. I have a web page that SHOULD throw a mixed content warning popup in Internet Explorer, but doesn't always do it. Basically, on my https:// page, there's a CSS file that references an icon located at an http:// absolute URL and uses it as the background-image of a .
My main test machine for IE compatibility is using IE 9, and I have an IE 8 virtual machine.
On IE 9, I can clear the cache and refresh the page, and in Fiddler, I see the browser go out and request the icon as the page loads, and there's no security warning. The icon just shows up like all of the other resources.
On IE 8, if I clear the cache and hit the same page, I get the expected security warning ("Do you want to only load the secure content") and the loading behavior works as expected (clicking "Yes" will not load the icon, clicking "No" will load it).
I'm trying to determine why IE 9 isn't throwing that error. Any thoughts?
IE9 does not block or ask about "unsecure images" any longer by default
If a HTTPS page contains unsecure images, the images are permitted by default. We did this to provide a friendlier user-experience given how frequently Web sites make this mistake with images.
This is on par with some other browsers. E.g. Firefox classifies images as "passive content" and does not block them either.
I would like to use apple-mobile-web-app-capable to allow a user to browse a website like a kiosk, without the navigation bar and the page fullscreen.
This works well until a link is clicked, then it opens Safari.
Is there any way to use this fullscreen mode and allow clicking of links without being taken to Safari?
I asked a similar question over on AskDifferent - Hiding URL Bar on iPad.
The answer I received there suggested distributing the web app's configuration file, which allows you to configure many more options. The end-user must agree to the profile installation, but having a controlled device will limit any frustration with this fact. The details of this were linked to in the above answer, but it appears to be broken now.
Alternatively, Chrome has a full screen browser mode that can be taken advantage of. Given a controlled device you could simply use the alternative browser.
In IE8, the Microsoft introduced a new mode called compatibility mode which would render the page like IE7.
You can see this button next to address bar in stackoverflow.com. But when you access google.com / live.com, you would not see the compatibility mode button. How do we make sure the pages don't show this button the user?
Short answer:
Put this in your head tag to tell the browser that your page works in IE 8:
<meta http-equiv="X-UA-Compatible" content="IE=8" />
Also as per Jon Hadleys comment, to ensure the latest (not just IE8) rendering engine is used, you could use the following:
<meta http-equiv="X-UA-Compatible" content="IE=edge">
From here:
Sometimes the Compatibility View
button isn’t displayed.
The button is located on the address
bar next to the ‘stop’ and ‘refresh’
buttons. There are a few cases where
there’s no action for a user take and,
thus, the Compatibility View button
will not show:
If you're viewing an
internal-to-Internet Explorer page
(such as about:InPrivate)
If you're viewing a page that has declared it's
"ready" for Internet Explorer 8
through use of the versioning
tag / HTTP header (it doesn’t matter
if this tag triggers Quirks, IE7
Standards, or IE8 Standards, the
button won’t be displayed)
If you're viewing an intranet page and you have
the ‘Display intranet sites in
Compatibility View’ checkbox selected
If you're viewing any webpage and you
have the ‘Display all websites in
Compatibility View’ checkbox selected
If you're viewing a webpage that is
included on the Microsoft-supplied
compatibility view updates list and
you have the ‘Include updated website
lists from Microsoft’ checkbox
selected
If you've toggled either the
‘Document Mode’ or ‘Browser Mode’
settings via the Developer Toolbar
So you're probably after the versioning tag / HTTP header which is described in more details in that blog post and over here.
If the "Display intranet sites in Compatibility View" or "Display all websites in Compatibility View" settings (found under Tools -> Compatibility View Settings) are enabled (as they relate to the website being viewed), then no matter what you have in the HTML of the document, the page will always be put in to some form of compatibility view.
This means that, even with in the document, you will still notice that the page is put in to compatibility view, and nothing you can do except disabling those settings will disable it, unfortunately.
As per this comprehensive MSDN article on Compatibility View, the following list describes different ways that enable Compatibility View:
You click the Compatibility View button in the Address bar when viewing a webpage. When displayed, this button appears to the left of the Refresh button and contains an image of a broken piece of paper. This enables Compatibility View for all documents in the domain of the website being viewed.
The "Display all websites in Compatibility Mode setting" in the Compatibility View Settings is enabled.
The "Automatically recover from page layout errors with Compatibility View" setting is enabled and a webpage stops responding or crashes the browser. When this happens, Internet Explorer opens the page in Compatibility View after recovering from the problem.
Group policies that identify sites to be opened in Compatibility View are enabled by the administrator of your computer.
You have used the F12 developer tools to change the browser mode to identify Internet Explorer as an earlier version of the browser.
The Compatibility View List is enabled, which defines a list of websites that are automatically displayed in Compatibility View.
To avoid/disable/override Compatibility View, you'll have to do the reverse of the actions suggested above.
The Compatibility View list is an XML file maintained by Microsoft.
To remove your site from the Compatibility View List (or to dispute
the removal of your site from the list), have the overall site owner
verify that the domain site appears in the Compatibility View List. If
it does, send an e-mail to iepo#microsoft.com that contains the
following information:
Owner name Corporate title Company name Street address Email address
Telephone number Website address
Microsoft will review the provided information and remove your site
from the Compatibility View List at the next scheduled update.
Below link was working fine in IE and it was showing menu bar properly
http://line25.com/wp-content/uploads/2012/css-menu/demo/index.html
But same content hosted on intranet, all links were displayed one below other instead of menu bar. Compatibility view button was not shown in address bar.
After below change, the menu bar got displayed correctly and compatibility view button got displayed in address bar.
Tools->Compatibility view settings->Uncheck "Display intranet sites in compatibility view"
Thanks a lot for this valuable input
I was having an issue with compatibility view, and it turned out some of my PHP files were being saved in UTF-8 character encoding, which I guess was confusing IE. The majority of the site files were saved in Codepage 1252.
Now, I set all the files to save as "Western European (Windows) - Codepage 1252" and my display issues went away.
The lesson here is, don't mix your character encodings.