masterpages and secure and nonsecure items warning

[Guest]

Hi guys!

I use masterpages for my website,
the inside content is secured (https),
while the header and the footer master files are not,
so, can I get rid of the "This page contains both secure and nonsecure
items" warning?

Thanks in advance!

 

[Aidy]

Your page will be referencing items using http://. eg

<img src="http://www.someserver.com/someimage.jpg">

To get rid of the warning all items need to be retrieved via https. View
Source on your page and see what you are not getting via https

 

[Mark Rae]

I use masterpages for my website,
the inside content is secured (https),
while the header and the footer master files are not,
so, can I get rid of the "This page contains both secure and nonsecure
items" warning?

The warning can be switched off in most browsers, but the users would have
to do that themselves - it's not something that the website can control.

Is there any reason that your MasterPage(s) can't also be in your site's
secure area...?

 

[Guest]

Yes, the (obvious) reason is... performance,

however I noticed that,
if someone navigates to e.g.:

https://www.ultraedit.com/store/customer/home.php?cat=269

there are no warnings,
while,
if you go to page's source,
there are "http" links

 

[Mark Rae]

Yes, the (obvious) reason is... performance,
Ahem...

however I noticed that,
if someone navigates to e.g.:

https://www.ultraedit.com/store/customer/home.php?cat=269

there are no warnings,
while,
if you go to page's source,
there are "http" links

Yes, that's right... If an https page has links to http resources, the
warning doesn't appear, but if an http page has links to https resources, it
does...

It's a security thing...

 

[Guest]

Yes, that's right... If an https page has links to http resources, the

warning doesn't appear, but if an http page has links to https resources, it
does...

It's a security thing...

The strange thing is that my page IS https (has http links however) and
still there are warnings!

 

[Aidy]

The strange thing is that my page IS https (has http links however) and

still there are warnings!

It is the http links that are causing the warning. What the browser is
telling you is that although the page's HTML has been received over HTTPS
not everything on the page has been retrieved over HTTPS so not everything
on the page can be guaranteed as secure.

 

[Mark Rae]

The strange thing is that my page IS https (has http links however) and
still there are warnings!

I must apologise - I got that completely the wrong way round...

If an http page has links to https resources, the warning doesn't appear,
but if an https page has links to http resources, it does...

 

[Guest]

so, what should I do,
convert all my links to https?

Then the problem would be,
in order to navigate to an external site (url),
if that isn't https,
the page would never open!

 

[Mark Rae]

so, what should I do,
convert all my links to https?

Yes, if you want the warning to disappear...

Either that, or move all of the images etc into the same site and use
relative addressing...

 

[Alan Silver]

so, what should I do,
convert all my links to https?

Then the problem would be,
in order to navigate to an external site (url),
if that isn't https,
the page would never open!

I think you're confusing links with resources.

If you load a page under SSL, then any resources loaded by that secure
page, such as images, stylesheets, Javascript files, etc must all be
loaded under SSL to avoid having the warning.

However, you can have external links, ie <a href="http://www.blah.com/">
that point to non-SSL URLs as these are not loaded with the page.

So, you only need to check that anything actually loaded by your page is
under SSL. Any external links are irrelevant.

HTH