CODEWITHSUNDEEP
javascriptjquerygoogle-chromehttpsgoogle-chrome-console
user2881809
user2881809

Reputation:

... this content should also be loaded over HTTPS

Good day.

Site https://mult-privet.com/

In my Chrome console, I see this error:

[blocked] The page at 'https://yandex.st/share/ya-share-cnt.html?url=
https%3A%2F%2Fmult-privet.com%2F&services=yaru,
vkontakte,facebook,twitter,odnoklassniki,moimir' 
was loaded over HTTPS, but ran insecure content 
from 'http://connect.odnoklassniki.ru/dk?st.cmd=extOneClickLike&uid=odklocs0&
ref=https%3A%2F%2Fmult-privet.com%2F': 
this content should also be loaded over HTTPS.

Why should this URI also be loaded over HTTPS ?

Why am I getting this error, and how do I remove it?

Upvotes: 17

Views: 23098

Answers (3)

modulitos
modulitos

Reputation: 15814

Why you are getting this error

Quentin's answer explains this pretty well. I would clarify that you are getting a mixed content error.

How to fix this error

Although Quentin's answer offers the most ideal fix, it is sometimes more convenient to solve mixed content errors using a protocol-relative URL, where the http[s]?: prefix is removed from the URL. For example, change this:

http://connect.odnoklassniki.ru/dk?st.cmd=extOneClickLike&uid=odklocs0&
ref=https%3A%2F%2Fmult-privet.com%2F

to this:

//connect.odnoklassniki.ru/dk?st.cmd=extOneClickLike&uid=odklocs0&
ref=https%3A%2F%2Fmult-privet.com%2F

by removing the http: prefix. It will let the browser determine the protocol. When using the protocol relative URL in the above example, if you are on an SSL encrypted page the browser will access the https://connect.odnoklassniki... URL, and on a non-SSL page, it will access the http://connect.odnoklassniki... URL, assuming that both protocols work for the URL.

There are, however, some pitfalls in using protocol-relative URLs, like ensuring that the server behind the URL is capable of serving both http and https protocols. This SO post addresses more reasons to use protocol-relative URLs.

Upvotes: 6

Leo Zhang
Leo Zhang

Reputation: 3230

On the right side of the Chrome address bar, click on the shield icon, then click "Load unsafe script". Done!

enter image description here

Upvotes: 19

Quentin
Quentin

Reputation: 943216

Why this content should also be loaded over HTTPS ?

Because:

  • if you have unsecured content being injected into an otherwise secure page, the unsecured content can be intercepted, replaced and thus render the secure content insecure
  • the browser can't honestly continue to tell the user that the page is secure when parts of it are not

Tell me please why i get this error

You are loading HTTP without SSL content into an HTTP with SSL page.

and how remove this?

Use HTTPS for everything on the page.

Upvotes: 9

Related Questions