Ask Leo! by Leo A. Notenboom

Can I get rid of the "This page contains both secure and nonsecure items" warning?

Search First! Then browse: Categories | Full Archive | By Date | Newsletter

Home » Web

Comments

All Comments on: Can I get rid of the "This page contains both secure and nonsecure items" warning?

Read the article that everyone's commenting on.
RSS feed Subscribe to the RSS Feed for comments on this article.

Comment Page:  1  |  2  |  3  |  4  |  5  |  6 

I apoligize, My question was not clear enough for you to give me the answer I needed. I may have forgotten to mention that this notice isnt when I surf, but when I am answering emails online. It is when I op;en the email in the webmail box at Earthlink, always the message opens up a new window, then that window always asks the same question:

Can I get rid of the "This page contains both secure and nonsecure items" warning? Not that I'm aware of, and not that I would want to. Not being notified is, in fact, a security risk when visiting sites you don't already know and trust. For the sites you do trust ... the message results from bad site design on their part.


Thank you very much for taking the time to answer. I just used Netscape Mail today, and I noticed that it is not giving me that message there. Thank you again.

Posted by: Greg Pilcher at May 27, 2004 10:41 PM

Greg: if you're reading your email via a web interface, then my comment still applies. Your Earthlink web interface appears to be showing both secure and nonsecure items at the same time. That's bad design on their part.

Posted by: Leo at May 30, 2004 4:23 PM

Great question! I am using a site that hasn't been set up properly, and I get that annoying security message often!

I am posting the solution to the issue here. I always support giving people all the info there is, and just warn then that they are subverting a security option. Then the user can make their own decision.

There is a browser setting in IE6 to turn this off (not sure of earlier browsers). Check out Tools > Internet Options > Security > Custom Level > Miscellaneous > Display mixed content. By default its set to prompt, reset it to Enable.

Of course, there are other browsers out there .. Netscape (netscape.com) or Opera (opera.com) to name the two other most popular ones.

Peace,
Rees

Posted by: Rees at September 20, 2004 7:06 PM

Hi,
On this issue, I am working on the development side of a website and I get this error very often on that website. I know it must be related to the bad design on the website. Could some tell me how to fix it? Your help is very much appreciated.
Amy.

Posted by: Amy at October 7, 2004 10:39 AM

The typical design mistake is to pick up a graphic from a non-secure site. All graphics and other components need to come from the secure site.

Example: say http://example.com has a logo example.png. The secure site, https://store.example.com wants to use the same logo, and hence has an IMG tag that references http://example.com/example.png. Bingo ... non secure item on a secure site. Copy the logo to the secure site and load it from there.

Posted by: Leo at October 8, 2004 6:48 PM

I had the same problem. It was caused by a missing src attribute in the IFRAME tag. When you set the src, make sure it points to a real file.

Hope this seves somebody's time :)

Posted by: Nikolay at November 15, 2004 2:43 AM

1. Go to the top of your browser and click on Tools and select Internet Options.
2. Click on the Security tab
3. Click on the Custom Level button at the bottom
4. In that top box, scroll down to the Miscellaneous section (look for the Internet Explorer icons next to the topics) and find where it says "Display Mixed Content"
5. Click the Enable bubble to select that option
Disable--you will not see the message anymore, nor will the nonsecure items be displayed
Enable--you will not receive the message anymore, and the nonsecure items will be displayed on the page
Prompt--you will receive the message everytime a website has both secure and nonsecure items on it (this is the current setting in the browser that causes you to receive the message every time).
6. Once you have selected Enable, click on the OK button to close that window, and then click OK again to close the other window.
7. You may need to close your browser and then reopen it to see the changes take effect

Posted by: David at April 13, 2005 3:26 AM

That's all well and good, but as a developer, how can I tell which things are being picked up as non-secure so that I can correct the issue? I'm going over code from a previous developer and for the life of me I can't see any references to anything outside of our secure domain.

Posted by: DavidL at April 19, 2005 3:30 PM

Basically everything needs to be https ... something isn't. You might try firing up Firefox, and using the Web Developer extension ... it allows you to look at various bits of information including the paths of objects on the page.

Good luck!

Posted by: Leo at April 19, 2005 6:16 PM

for developers:

from a secure site .i.e https:// - where you reference the codebase for macromedia change the codebase="http://download.macromedia.com/pub/shockwave...... to codebase="https://download.macromedia.com/pub/shockwave..... and this will sort the problem out

Posted by: leigh at July 11, 2005 8:08 AM
Comment Page:  1  |  2  |  3  |  4  |  5  |  6 
Read the article that everyone's commenting on.
RSS feed Subscribe to the RSS Feed for comments on this article.
Post a Comment

To post a comment on "Can I get rid of the "This page contains both secure and nonsecure items" warning?", please return to that article's main page.

Question? Ask Leo!

http://ask-leo.com/comments_001951.php
Copyright © 2003-2009 Puget Sound Software, LLC and Leo A. Notenboom

Terms, Conditions & Privacy
Product Reviews, Recommendations and Affiliate Links Disclosure