Google MAP API does not work in https mode - google-maps

I have integrated Google MAP api into our application using Javascript but unfortunately it does not work in https mode until I click "Show all content" button displays in the bottom of IE. There is no problem with http mode. Please let me know how can I fix it.

are you including the Google MAP script in a protocol agnostic way or just using an http link? if you want to server both, the script pointing to google maps should be
<script src="//maps.googleapis.com/maps/api/js?v=3.exp&sensor=false"></script>
so that either http or https is used.

If you check the 'Enable Protected Mode' box under Internet Options > Security > Local Intranet this seems to have the effect of allowing the map to display in IE 8 and 9 for users on a corporate network.
This of course seems counter-intuitive, especially given the explanation in this link
but it has solved the problem for my users on many occasions. Not ideal, but worth a shot if you can recreate the problem and see if this is the fix.

Related

How can the Chrome Settings page be opened through a hyperlink?

I am building an app that requires the user to change a Chrome setting. It will be more convenient to send the user directly to chrome://settings instead of having them open it manually via the menu, but when I try and open it directly or through a hyperlink on a web page, it always goes to about:blank#blocked. I have tried this on Windows, MacOS, and ChromeOS (including through a link in a TextView in an Android app), but the result is the same. Is this possible, or is it completely blocked for security or some other purpose?
i'll save you the trouble and let you know its not possible, and yes you're right due to security reasons
For Chrome on my local machine chrome://settings/ works. Well surely not impossible but still not that easy maybe this helps
https://support.google.com/chrome/a/thread/11564174?hl=en

Get all images and css using Web Request (Network - Google Chrome)

I want to get the same results that Google Chrome get on his Network functionality Network Google Chrome. I found this, but i'm not sure if it works and how to use it. Basically i want to use that information to made a google chrome extension.
Any idea?
I think the chrome.devtools.network API would be better suited for your use.

How to use chrome extension methods in my asp.net page?

I have page where RSS icon is present. I want that when user clicks on RSS icon it will check in chrome browser that, whether that RSS reader chrome extension is installed or not
I am trying to achieve this by using chrome extension methods, mentioned here.
I tried something like this but it is not working:
var port = chrome.extension.connect("nlbjncdgjeocebhnmkbbbdekmmmcbfjd");
To use this API you need to be either an extension or a web application having the necessary permissions - normal web pages cannot access it. However, detecting whether an extension is installed in Chrome is still easy:
<script src="chrome-extension://nlbjncdgjeocebhnmkbbbdekmmmcbfjd/manifest.json"
onload="alert('installed')" onerror="alert('not installed')"></script>
This uses the fact that the extension's manifest.json file is located under a predictable URL and that web pages are allowed to load this URL. Of course, this isn't an officially documented approach but rather a loophole and a privacy issue. So be prepared for it to stop working in some future Chrome version. At the moment it works however.

Trying to diagnose a Google Maps/Safari Issue

Our site is able to be accessed through FF/IE/Chrome, etc. however when a user opens the site in Safari, it doesn't load the google maps box. It stays the grey loading color.
We use Google Maps v3 and geolocation to set the default position of the map, and if they deny location or something, we have a fallback to an IP service to center it somewhat close to them. Works everywhere but on Safari (multiple versions). It just hangs.
Any ideas at how I can diagnose this? I'm running Windows 7/XP so it's tough to do.
Thanks!
You can use the firebug lite version
and also have a try with the built-in developer tools.
This thread Debugging javascript in Safari for Windows says more about this.

How can you tell exactly what insecure items are causing a browser to warn about mixed secure and insecure items?

In Firefox, I view my site and get no warnings about insecure mixed content.
Using FireBug, I can see that every request is https.
In Chrome, I get the https crossed out in the address bar.
I viewed source in Chrome and then ran this regex /http(?!s)/ but the only things it found were the href attributes for some external links and the doc type and http-equiv meta tags.
Using Chrome's Resource Tracking revealed all requests were https too.
This includes Google Analytics, jQuery from Google's CDN and Facebook like scripts.
Is there any specific tool I can use to show non https requests, or anything further I can try?
I found that I get the "mixed content"-warning in Chrome even when there is no mixed content, if sometime during the session mixed content was already encountered on the domain.
(Also mentioned here: Why is Chrome reporting a secure / non secure warning when no other browsers aren't?)
In Chrome's Developer Tools, the Console tab shows the resources that it won't load because they unsecure.
You can add the "scheme" column to the Chrome developer tools network tab to show which requests were sent over http or https:
Press F12 to show the developer tools
Switch to the Network tab
Right click in the column headers and select "Scheme"
Reload the page to show which elements are loaded over http or https
In situations like this where it's helpful to see exactly which protocol is being used to load resources, I would recommend Fiddler2 as a browser-agnostic solution that can show you exactly what traffic is occurring on each request.
From the site:
Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP(S) traffic, set breakpoints, and "fiddle" with incoming or outgoing data. Fiddler includes a powerful event-based scripting subsystem, and can be extended using any .NET language.
Edit: In-browser debugging tools are becoming really good so this third-party tool may not be as useful as it was when this answer was first written.
Open up the Web Inspector and find the yellow triangle (warning) in the top right. Click on it and it will display all security issues.
In 48-th version of chrome they added a security panel. Using it you can quickly identify the mixed content resources:
Do you have the HttpFox plugin for FireFox? That'd work, I think.
Among other things, it reports on the URL, Method, Result Code, and bytes of all the assets that a web page requests. It's what I've used to trap the occasional non-HTTPS graphic, etc. I'm sure the other suggested tools would do the same...
You can use SslCheck
It's a free online tool that crawls a website recursively (following all internal links) and scans for nonsecure includes - images, scripts and CSS.
(disclaimer: I'm one of the developers)
I know this post is old, but I ran across it and had the same issue. I clicked on the Chrome menu (top right corner), scrolled down to Tools> and selected Developer Tools. Clicked on the Console tab and it told me exactly what the problem was... the favicon was served over http, not https, but of course it was not in the page source code. Corrected the problem in my CMS, which loads the favicon without code in the page... and no more error!
Note that 'mixed content' and 'mixed scripting' are detected seperatly. Check this site for the meaning of the icons in Chrome: https://support.google.com/chromebook/answer/95617?p=ui_security_indicator&rd=1 (click 'see details' link).
Grey icon = mixed content, red icon = mixed scripting.