Avoiding mixed content messages in IE

Question

We have a secure website (SSL) in which we want to make calls to google's map server. The map server is http not https and every time there is a refresh of this screen (every minute for us) IE pops up its annoying mixed content message (trying to view a site with secure and non-secure info).

What I am looking for is a way around this. For example, is there a way to proxy the request so that our internal request is https but the other side of the proxy is not secure? I'm trying essentially to spoof the data to trick the browser.

Any ideas here? The actual security of the end point is less important than avoiding the error message itself.

Thanks! Don

Answer 1

remove runat="server" from head, where you are using code to link API to your page

Answer 2

Here's the problem with that. Even though the API is SSL the thumbnail images the map has for locations are NOT ssl. So you can still get a message.

Answer 3

As of March 2011, the Google Maps API is available to everyone over SSL:

http://googlegeodevelopers.blogspot.com/2011/03/maps-apis-over-ssl-now-available-to-all.html

Answer 4

There is a way to suppress this at browser level, which might not be desirable for you, but I thought I'd throw it out there. In IE, Tools | Internet Options | Security | Internet Zone | Custom dialog box, you can set the "Display mixed content" to Enable. It's probably on prompt right now. Again, this is a single user browser level setting, so probably will not work for you. This does open up a lot of problems security wise though, and most admins will not do this (DNS poisoning, m-i-m etc).

Your second option is to become a premier customer: http://code.google.com/apis/maps/faq.html#ssl

Your third option is to use Virtual Earth - which supports native SSL w/o any strings

EDIT see similar question: here