Reputation: 4985
Only secure content is displayed
Our company website (ASP.Net 3.5) uses SSL to secure the checkout pages. Users are getting the "Only secure content is displayed" message at the bottom of IE. Many of them freak out and abandon their cart and we loose a sale. The secure contect is in a subfolder and IIS7 is configured to require SSL on that subfolder. I used the IE dev toolbar to try to see what causes this and get the following:
SEC7111: HTTPS security is compromised by http://www.myCompany.com/WebResource.axd?d=dJde0NlmEkubWa-RO0uUtg2&t=633833944103732959
Login.aspx
SEC7111: HTTPS security is compromised by http://www.myCompany.com/ScriptResource.axd?d=-4ipYW6oMR5JKr02ccZdGEkLMeXnvSWAqFrG98oQ5--7NMeKPsjwSVXJeHzqvzhsd1bLH85MgJQdnNYNUNH1gAXPGD9gbk2fwYnJI-0eaw41&t=ffffffffa6437166
Login.aspx
SEC7111: HTTPS security is compromised by http://www.myCompany.com/ScriptResource.axd?d=-4ipYW6oMR5JKr02ccZdGEkLMeXnvSWAqFrG98oQ5--7NMeKPsjwSVXJeHzqvzhsvkt8QvjGkHw2IYbLkF5RHr1t21TH0EEkLDcUGVpdxdE1&t=ffffffffa6437166
Login.aspx
We also had a bunch of offending javascript files but worked around those by copying them into the secure directory. That made Chrome and Firefox happy but we still get the message with IE.
How can I stop the popup and keep from scaring my customers away?
Upvotes: 5
Views: 17522
Answers (4)
Reputation: 732
Method1 : change all the Http link to https. Add proper html tags, openings and closing tags according to html5 standard.
if this is not solving the problem move to step 2 which helped me to solve the issue in SharePoint website.
Method 2:
I entered the build-in “Developer Console” feature of Internet Explorer 9 by hitting F12
I refreshed the SharePoint page by hitting F5
On the developer console these lines appeared:
Excellent – here I had the “root of the problem”
I hope this post helps others with the same problem
Upvotes: 0
Reputation: 29
Headache saver... thank you for mentioning IE developer tools. Like many I do most of my testing with firefox and leave IE to last (can't beat firebug!). BUT The way that they've improved IE I think I may be rethinking that strategy! After all most of the world still used IE too.
The developer tools found this line in my css that was giving me the security violations ... simply fixed by changing to https
@import url(http://fonts.googleapis.com/css?family=Gudea);
to
SEC7111: HTTPS security is compromised by http://fonts.googleapis.com/css?family=Gudea onepage
SEC7111: HTTPS security is compromised by http://fonts.googleapis.com/css?family=Gudea onepage
Upvotes: 2
Reputation: 41715
Just change those urls to https.
Now, those script resources look like they're automatically generated by .NET, so you may have to jump through some hoops to do that...
[Edit] Hoisting this up from my comment:
Some guy suggests changing the uri in global.asax on Application_BeginRequest
Upvotes: 4
Reputation: 4985
We ended up using SecuritySwitch http://code.google.com/p/securityswitch/wiki/GettingStarted, which works perfectly.
Upvotes: 1
Related Questions
- http content is showing in asp.net application
- non secure items on secure page
- How to disable "do you want to view only the webpage content that was delivered securely" warning?
- Load content over non-secure channel
- Do you want to view only the webpage content.... - https
- Site SSL content issue on Firefox and IE
- Resources not automatically loaded from Https - SecuritySwitch
- SSL Page Containing Elements that are not Secure
- HTTPS does not work - Secure and Non secure data on web page?
- Page contains both secure and nonsecure items