Images are not loading in https protocol - html

i have a website which as working perfectly through http, but when i have secured https protocol for that website url, then the images are not loading on site, if we make refreshing page once or twice it will displays images else page loading for long time with no images shows.

The images on your page need to be loaded through the same protocol as the protocol present in the link.
So in conclusion if the website is loaded through https, the images need to be loaded through https also and the other way around.

This can be an issue with the code or possibly a ssl error. Please Contact your server and ask them for an ssl certificate. It be something to do with your computer/browser.

Related

Odd Behavior on Image Size in HTTPS

I have been learning HTML and CSS and i am creating a WebSite there is a section where I add 3 images, and this images have an odd behavior when displaying.
when I access to the website on Samsung Internet under HTTP i get them as expected: like this
but when I access under HTTPS i get: this
I have notice that it works under HTTP and HTTPS on other browsers like chrome.
This issue is an instance of mixed content that occurs when HTML pages load over a secure HTTPS connection but link to resources (images, CSS, or JS) over an insecure HTTP connection. This is generally triggered by inputting an image within the page that runs over an HTTP connection. When you upload and post images but do not update the image links on the page after getting an SSL certification, the browsers will recognize them as insecure elements.
For your own domain, serve all content as HTTPS and fix your links. Often, the HTTPS version of the content already exists, and this just requires adding an “s” to links – http:// to https://.
For images hosted on other domains, use the site’s HTTPS version if available.
sitechecker

Insecure "video" over HTTPS

I have a site that is loading over HTTPS.
I have a HTML5 audio element on that site (currently a fallback for a Flash player), that is loading a Shoutcast URL. The Shoutcast URL is loading using a regular HTTP URL, because it doesn't seem to work using HTTPS.
However, Chrome is showing that the page includes elements that aren't secure, and when I check he console, I see this message:
Mixed Content: The page at 'https://mysite.com/' was loaded over HTTPS, but requested an insecure video 'http://shoutcasturl.com:8000/;'. This content should also be served over HTTPS.
Is there any way to get rid of the error in Chrome, so that the site shows up as fully secure, without any errors?
Shoutcast doesn't seem to work over HTTPS, though I don't think there's a certificate on that server for that FQDN anyway, but it doesn't seem like that adding a SSL certificate to the Shouutcast server will change anything.
Any ideas?
Thanks!
The only way to get rid of this warning is to load all external resources from secure locations. Since Shoutcast doesn't support SSL, your site will not be fully secure as long as you are loading assets directly from them.
See this question for some fairly complicated suggestions on getting around the issue.

rtmpt(e) stream on SSL Page

I'm developing audio streaming web service for PC browsers.
We want to use rtmpt(e) protocol for streaming with Flash plugin.
Main HTML page has https:// URL.
The problem is, when our SWF try to connect streaming server (via HTTP tunnelling), some browser (i.e. Chrome) shows warning on the secure icon in the URL bar:
Your connection to ???.???.com is encrypted with 128-bit
encryption. However, this page includes other resources which are not
secure. These resources can be viewed by others while in transit, and
can be modified by an attacker to change the look of the page.
and on the developer console:
The page at 'https://***.***.com/' was loaded over HTTPS, but displayed insecure content from 'http://stream.***.net/fcs/ident2': this content should also be loaded over HTTPS.
The page at 'https://***.***.com/' was loaded over HTTPS, but displayed insecure content from 'http://***.***.***.113/open/1': this content should also be loaded over HTTPS.
...
I think this is because Flash uses Browser's URL loading facility when accessing HTTP.
How can I avoid these warnings?
We don't want to use rtmp(e) because 1935 may be blocked by firewall on user environment, nor rtmps because our streaming server doesn't support it.
And We don't want to use http:// for main HTML because of requirement.
How can I avoid these warnings?
Fix the Mixed Content. Load everything over HTTPS.

HTTPS images not displaying on my localhost but going to the link shows the image

My browser is session authenticated with a website.
I am using their API to pull down images from the site so I can display them on my page.
Visiting that image url displays the image, putting it in an img tag does not:
<img src = "https://files.something.com/123123" />><!-- this doesn't show -->
arse<!-- this works -->
Any ideas on why? and how I might overcome it?
If I put in http for the link, it redirects to https any way.
There's two things worth bearing in mind here:
Your host is automatically redirecting to https. Is this deliberate?
I suspect that you're seeing coming up against cross-domain security, or that your server is actively refusing it.
To trouble-shoot: you'll want to find out what response you're getting from your images.
Open up either the 'NET' tab in Firebug, or 'Network' in Chrome Developer Tools and watch the page-load. I suspect you're going to see those images come through red with an error number. Once you've got that it's very easy to trouble-shoot why the server's refusing to serve the images.

Partial SSL in Chrome

Visiting my site in SSL and in Chrome (12.0) I get
Your connection to someWebsite is
encrypted with 256-bit encryption.
However, this page includes other
resources which are not secure. These
resources can be viewed by others
while in transit, and can be modified
by an attacker to change the behaviour
of the page.
The connection uses TLS 1.0.
The connection is encrypted using
AES-256_CBC, with SHA1 for message
authentication and DHE_RSA as the key
exchange mechanism.
The connection is compressed with
DEFLATE.
I searched with FireBug (NET tab) and Chrome Inspector and all resources are accessed via https. Where is the problem? *I cleared the cache already
What could be the problem?
Chrome will give this error if you've visited another https page on the same domain that had mixed content however this should not be the problem if you've tried clearing your cache.
You might want to try Ctrl-Shift-J for the JavaScript console, it should show the insecure content.
I have the same thing - and I read from the Google Chrome help site that elements on the site are not encrypted - like videos. I looked via Firefox - right click->View Page Info->Media tab and saw that every time I use a YouTube video in my video player I have plain http addresses like:
http://s.ytimg.com/yt/swfbin/watch_as3-vflrEm9Nq.swf and
http://img.youtube.com/vi/V6JgyNy59yA/1.jpg
I think these non https links are causing the security message site-wide. Thus, it appears using videos from 3rd party sites will always throw a security error in Google Chrome for https pages.
That's my answer - but I have no solution yet. I need to be able to share videos from youTube in our news section, but my online store section needs to use https without scary red letters and slashes through it for my clients.
Has anyone dealt with this effectively?
Thanks
Had the same problem on my Magento Site. Be sure to change all image and js links (even in .css) from http:// to simply //. Solved it for me.
I had the same issue, my problem was that some img tags had src to http instead of https, it does not matter even they link to other domain like <img src="http://otherdomain.com/image.jpg" /> it still shows that warning. As soon as I changed all internal and external img links to https the warning disappeared.
If you check the page and it seems to have no insecure content, check to make sure that something on the page is not submitting data to an insecure location.
Content should be submitted over HTTPS, not HTTP.