<body><script type="text/javascript"> function setAttributeOnload(object, attribute, val) { if(window.addEventListener) { window.addEventListener('load', function(){ object[attribute] = val; }, false); } else { window.attachEvent('onload', function(){ object[attribute] = val; }); } } </script> <div id="navbar-iframe-container"></div> <script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script> <script type="text/javascript"> gapi.load("gapi.iframes:gapi.iframes.style.bubble", function() { if (gapi.iframes && gapi.iframes.getContext) { gapi.iframes.getContext().openChild({ url: 'https://www.blogger.com/navbar.g?targetBlogID\x3d8211560\x26blogName\x3dTech+Tips,+Tricks+%26+Trivia\x26publishMode\x3dPUBLISH_MODE_BLOGSPOT\x26navbarType\x3dBLUE\x26layoutType\x3dCLASSIC\x26searchRoot\x3dhttp://mvark.blogspot.com/search\x26blogLocale\x3den\x26v\x3d2\x26homepageUrl\x3dhttp://mvark.blogspot.com/\x26vt\x3d-5147029996388199615', where: document.getElementById("navbar-iframe-container"), id: "navbar-iframe" }); } }); </script>

Tech Tips, Tricks & Trivia

by 'Anil' Radhakrishna
An architect's notes, experiments, discoveries and annotated bookmarks.

Search from over a hundred HOW TO articles, Tips and Tricks


HOW TO prevent mixed content warning in web pages


What is a Mixed Content Warning?

This blog post explains it well:

HTTPS-enabled sites require all resources on the page, including the ads, to be SSL compliant to protect the user against man-in-the-middle attacks. If an HTTPS page loads an HTTP resource, the page is considered mixed content, and the browser displays a mixed content warning (like the padlock with warning triangle in Chrome). 

New browser releases like Firefox 23 are starting to block mixed active content (scripts) but still display mixed content warnings for mixed passive content (images).

The mixed content warnings vary in aggressiveness among browsers. 


One way for developers to fix this issue is by using a Protocol Relative URL.

A Protocol Relative URL is just like a regular URL except that you leave out the protocol prefix:
 //mvark.azure-mobile.net/client/MobileServices.Web-1.0.0.min.js

A protocol relative URL is just a URL without the scheme. For example //billpatrianakos.me is a protocol relative URL. These types of URLs are meant to be hit by a browser only. The point is that a browser can fetch a resource from whatever protocol the site is telling it to use.

You get the automatic use of HTTPS on secure pages and avoid the overhead of HTTPS on non-secure pages.

Labels: ,

Tweet this | Google+ it | Share on FB

« Home | Next »
| Next »
| Next »
| Next »
| Next »
| Next »
| Next »
| Next »
| Next »
| Next »

»

Post a Comment