Reputation: 13756
How do I mix ssl with non-ssl content?
I have an ssl page that also downloads an avatar from a non-ssl site. Is there anything i can do to isolate that content so that the browser does not warn user of mixed content?
Upvotes: 1
Views: 1230
Answers (3)
Reputation: 5201
If all the content you want to include from foreign sites comes from a specific server and path (i.e. http://other.guy/avatar/*) you could use mod_proxy to create a reverse proxy which makes https://your.site/avatar_proxy/{xyz} mirror http://other.guy/avatar/{xyz} .This will increase your bandwidth usage and probably slow things down.
Upvotes: 1
Reputation: 10155
There are a number of good security reasons for the browser to warn about this situation, and attempting to directly bypass it is only likely to set off more red flags.
Ninefingers' suggestions are good, and I would suggest a third option: you can proxy the content directly through your own server using a simple binary retrieve/transmit script, if it changes frequently and is unsuitable for caching.
Upvotes: 3
Reputation:
Just an idea - either:
- try to use an ssl url on the avatar website, if necessary by editing whatever JS/PHP/... script they provide, or:
- use your scripting language of choice to grab a copy of the avatar and store it on your server, then serve it from there.
Upvotes: 5
Related Questions
- How to deal with mixed content in a website which should be secured as https?
- Loading http content on https website
- Help with SSL Vulnerability (Mixed Content)?
- Mixed content - SSL http/https issue
- Getting around https mixed content issues?
- SSL and mixed content due to CSS background images
- Unsecure content over https
- mixing http and https
- Mixing secure and not secure content in mobile web app
- how to make a page use ssl?