We have recently secured a web application with certificates so as to use https. Let us call this WebApp-A. This WebApp-A runs on port 8081. There is another server running at port 8744 on the same box which does not use https. Let us call this WebApp-B. A page on WebApp-A has links to pages on WebApp-B. The links that point to WebApp-B on WebApp-A page start with http and not https as expected. Note that domain for the both are same except the port number. Now the problem we are facing is, when a user clicks on a WebApp-B link on the WebApp-A page, which uses https, it takes to a https url for WebApp-B too, despite source showing the url to start with http. This behavior is seen on Chrome and Firefox, but not on IE. The behavior is inconsistent too. Sometimes it takes to https and sometimes to http. Things work when the URL goes to http but not when it goes to https. Can someone explain this inconsistency?
Related
I have been learning HTML and CSS and i am creating a WebSite there is a section where I add 3 images, and this images have an odd behavior when displaying.
when I access to the website on Samsung Internet under HTTP i get them as expected: like this
but when I access under HTTPS i get: this
I have notice that it works under HTTP and HTTPS on other browsers like chrome.
This issue is an instance of mixed content that occurs when HTML pages load over a secure HTTPS connection but link to resources (images, CSS, or JS) over an insecure HTTP connection. This is generally triggered by inputting an image within the page that runs over an HTTP connection. When you upload and post images but do not update the image links on the page after getting an SSL certification, the browsers will recognize them as insecure elements.
For your own domain, serve all content as HTTPS and fix your links. Often, the HTTPS version of the content already exists, and this just requires adding an “s” to links – http:// to https://.
For images hosted on other domains, use the site’s HTTPS version if available.
sitechecker
I'm developing a small web app (bootstrap + jquery + nginx + api backend) and today I stumped upon a peculiar error in Chrome, on Ubuntu 16.04.
Mixed Content: The page at 'https://localhost/data/' was loaded over
HTTPS, but requested an insecure XMLHttpRequest endpoint
'http://adxk.net/blacklist_tds.php?url=https%3A%2F%2Flocalhost%2Fdata%2F&ref=https%3A%2F%2Flocalhost%2Foverview%2F&country=PL'.
This request has been blocked; the content must be served over HTTPS.
My page serves all content via https and I'm not making this request.
Firefox doesn't seem to do this request.
What (the heck) is adxk.net?
This sounds like the work of a dodgy Chrome Extension to me. Developers can use the chrome.webRequest API to intercept web requests from your tabs and redirect them somewhere else. I recommend you take a look at what you have installed at chrome://extensions/.
If in doubt, create a new Chrome profile by clicking your name in the top right corner, then 'Switch person', then 'Add person'. This will completely isolate you from any rouge extension/plugin.
I encountered my 2 browsers (IE 11 and Firefox) running on Windows 7 display blank page contents if I entered Http URL like Http google website but if I entered Https URL like Https google it works perfectly fine as usual, all contents displayed out. I also noticed the problem only happened when I was using my mobile data plan hotspot. If I use another network connection both Http and Https work fine. Could it be the some setting I accidentally changed and caused the issue? Please advice.
i have a website which as working perfectly through http, but when i have secured https protocol for that website url, then the images are not loading on site, if we make refreshing page once or twice it will displays images else page loading for long time with no images shows.
The images on your page need to be loaded through the same protocol as the protocol present in the link.
So in conclusion if the website is loaded through https, the images need to be loaded through https also and the other way around.
This can be an issue with the code or possibly a ssl error. Please Contact your server and ask them for an ssl certificate. It be something to do with your computer/browser.
I have bought comodo certificate for my site to have https link and has 128bit ssl encryption.But it still says my site is not secure.When I checked the ssl verifcation of my site,it says everything is secure
http://i.stack.imgur.com/EnVH9.png
this is how it shows. Is it because my site have external links to http ? Or what are all the mandatory things to be done in my webpage to have the https in green and have full secure identification ? Why does it says that my page has "Other resources which are not secure,these resources can be viewed by others in transit and can be modified by an attacker to change the behaviour of the page?
what can be this "other resources" which are not secure??
This is because you are making cross-protocol requests. You likely have embedded content with http, such as <img src="http://mydomain.com/myimage.jpg">, if that is the case, let the browser resolve the protocol for you by change the requests to <img src="//mydomain.com/myimage.jpg">. Doing that will allow the current page protocol to be used when resolving the document. Note, it might not be your content, you might have other embedded content such as analytics, but in general, you cannot mix protocols when in https.