

masterpages and secure and nonsecure items warning

patrickdrd - 14 Jun 2007 10:51 GMT
Hi guys!

I use masterpages for my website,
the inside content is secured (https),
while the header and the footer master files are not,
so, can I get rid of the "This page contains both secure and nonsecure
items" warning?

Thanks in advance!
Aidy - 14 Jun 2007 11:24 GMT
Your page will be referencing items using http://, e.g.

<img src="http://www.someserver.com/someimage.jpg">

To get rid of the warning all items need to be retrieved via https.  View
Source on your page and see what you are not getting via https.

> Hi guys!
>
[quoted text clipped - 5 lines]
>
> Thanks in advance!
Mark Rae - 14 Jun 2007 11:27 GMT
> I use masterpages for my website,
> the inside content is secured (https),
> while the header and the footer master files are not,
> so, can I get rid of the "This page contains both secure and nonsecure
> items" warning?

The warning can be switched off in most browsers, but the users would have
to do that themselves - it's not something that the website can control.

Is there any reason that your MasterPage(s) can't also be in your site's
secure area...?

Signature

http://www.markrae.net

patrickdrd - 14 Jun 2007 11:48 GMT
Yes, the (obvious) reason is... performance,

however I noticed that,
if someone navigates to e.g.:

https://www.ultraedit.com/store/customer/home.php?cat=269

there are no warnings,
while,
if you go to page's source,
there are "http" links

> > I use masterpages for my website,
> > the inside content is secured (https),
[quoted text clipped - 7 lines]
> Is there any reason that your MasterPage(s) can't also be in your site's
> secure area...?
Mark Rae - 14 Jun 2007 14:01 GMT
> Yes, the (obvious) reason is... performance,

Ahem...

> however I noticed that,
> if someone navigates to e.g.:
[quoted text clipped - 5 lines]
> if you go to page's source,
> there are "http" links

Yes, that's right... If an https page has links to http resources, the
warning doesn't appear, but if an http page has links to https resources, it
does...

It's a security thing...

Signature

http://www.markrae.net

patrickdrd - 15 Jun 2007 10:34 GMT
> Yes, that's right... If an https page has links to http resources, the
> warning doesn't appear, but if an http page has links to https resources, it
> does...
>
> It's a security thing...

The strange thing is that my page IS https (has http links however) and
still there are warnings!
Aidy - 15 Jun 2007 10:57 GMT
> The strange thing is that my page IS https (has http links however) and
> still there are warnings!

It is the http links that are causing the warning.  What the browser is
telling you is that although the page's HTML has been received over HTTPS
not everything on the page has been retrieved over HTTPS so not everything
on the page can be guaranteed as secure.
Mark Rae - 15 Jun 2007 11:15 GMT
>> Yes, that's right... If an https page has links to http resources, the
>> warning doesn't appear, but if an http page has links to https resources,
[quoted text clipped - 5 lines]
> The strange thing is that my page IS https (has http links however) and
> still there are warnings!

I must apologise - I got that completely the wrong way round...

If an http page has links to https resources, the warning doesn't appear,
but if an https page has links to http resources, it does...

Signature

http://www.markrae.net

patrickdrd - 15 Jun 2007 11:40 GMT
so, what should I do,
convert all my links to https?

Then the problem would be,
in order to navigate to an external site (url),
if that isn't https,
the page would never open!

> >> Yes, that's right... If an https page has links to http resources, the
> >> warning doesn't appear, but if an http page has links to https resources,
[quoted text clipped - 10 lines]
> If an http page has links to https resources, the warning doesn't appear,
> but if an https page has links to http resources, it does...
Mark Rae - 15 Jun 2007 11:54 GMT
> so, what should I do,
> convert all my links to https?

Yes, if you want the warning to disappear...

Either that, or move all of the images etc into the same site and use
relative addressing...

Signature

http://www.markrae.net

Alan Silver - 18 Jun 2007 15:19 GMT
>so, what should I do,
>convert all my links to https?
[quoted text clipped - 3 lines]
>if that isn't https,
>the page would never open!

I think you're confusing links with resources.

If you load a page under SSL, then any resources loaded by that secure
page, such as images, stylesheets, JavaScript files, etc. must all be
loaded under SSL to avoid having the warning.

However, you can have external links, i.e. <a href="http://www.blah.com/">
that point to non-SSL URLs as these are not loaded with the page.

So, you only need to check that anything actually loaded by your page is
under SSL. Any external links are irrelevant.

HTH

Signature

Alan Silver
(anything added below this line is nothing to do with me)
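
Added example, not part of the thread or any poster's code: a Python check that automates the "View Source" step by listing only the resources an HTTPS page would load over plain HTTP, while ignoring ordinary `<a href>` links. The sample markup, the `example.*` hosts, and the names `MixedContentFinder` and `find_mixed_content` are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs the browser fetches while rendering the page.
# <a href> is deliberately absent: a link is only followed when clicked.
LOADED = {("img", "src"), ("script", "src"), ("iframe", "src"),
          ("frame", "src"), ("embed", "src"), ("object", "data"),
          ("input", "src"), ("body", "background"), ("link", "href")}

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.base = page_url
        self.insecure = []  # (line number, tag, resolved URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and attrs.get("href"):
            self.base = urljoin(self.base, attrs["href"])  # <base> changes resolution
            return
        if tag == "link":
            rel = set((attrs.get("rel") or "").lower().split())
            if not rel & {"stylesheet", "icon"}:
                return  # other <link> types are not fetched as page content
        for name, value in attrs.items():
            if (tag, name) in LOADED and value:
                # Relative and //host URLs inherit the page's scheme.
                url = urljoin(self.base, value.strip())
                if urlsplit(url).scheme == "http":
                    self.insecure.append((self.getpos()[0], tag, url))

def find_mixed_content(html, page_url):
    """Return resources an HTTPS page would load over plain HTTP."""
    if urlsplit(page_url).scheme != "https":
        return []  # the warning only applies to pages served over HTTPS
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.insecure

# Constructed sample: master-page header/footer markup around secure content.
SAMPLE = """<html><head>
<link rel="stylesheet" href="/css/site.css">
<script src="//cdn.example.com/lib.js"></script>
</head><body>
<img src="http://www.example.com/header/logo.jpg">
<a href="http://www.example.org/">external site</a>
<img src="images/footer.gif">
<iframe src="http://ads.example.net/banner.html"></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, tag, url in find_mixed_content(SAMPLE, "https://shop.example.com/store/home.aspx"):
        print(f"line {line}: <{tag}> loads {url}")
```

Run it against the rendered HTML the browser receives (master page plus content page merged), not the individual `.master` or `.aspx` source files.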

