Click here to Skip to main content
11,429,382 members (68,942 online)
Click here to Skip to main content
Technical Blog

Two notes on Mixed security warnings

, 10 Mar 2012 CPOL
Rate this:
Please Sign up or sign in to vote.
When deploying and testing websites that use secure connections (SSL)  we might get warnings about non secure content on the page. This is usually an easy thing to fix. Sometimes, a bit tricky.

When deploying and testing websites that use secure connections (SSL)  we might get warnings about non secure content on the page. This is usually an easy thing to fix. Just find a tool like "Fiddler" and find out what traffic is going over a regular HTTP (non secure) channel. 

Sometimes even a simple FIND over the code will let you find those "unsecured" elements. But that's not enough if you refer some javascript or refer a link over SSL that then does some non-SSL redirection. Each browser has a similar way to show you how secure you are on a website. Google Chrome shows website security indicators (icons) that will appear next to your site URL in the toolbar.



The first one (1) is just a regular site with no SSL, and we want number (2) the green one, you should avoid the other ones. Now two notes on that.

Google Ads
Don't use Google Adsense on your website if you use SSL and you care about your site not showing any warning, the ads will be functional, but they cause your site to display the fourth (4) indicator.

And that won't look very professional. It will give the impression that the certificate is not valid or that the user is at risk on your site, even when might be not true, because "you" the developer knows that is just an Ad, the user is not a developer. So avoid this.

Note: even if the ads are only in one page, once the browser hits that page, will show the warning, and even if you navigate away from that one, and go to other pages on the site without ads, it will still show the warning. 

Silverlight "medallion"
There is nothing wrong with Silverlight itself when it comes to security, however, the default code you place on a page when adding a Silverlight element, contains a link to Microsoft that will later redirect a non secure URL. The content on that URL is an image. Is the "Download and Install Silverlight" image.

In this case the warning from the browser is the number three (3), while is not critical, is not good enough. The line causing the problem is this one:
<img src="http://go.microsoft.com/fwlink/?LinkId=161376" alt="Get Microsoft Silverlight" style="border-style:none"/>


Don't bother changing the source of the image from http to httpS, it won't work. Instead, just download the image and host it yourself with your site.

<img src="/imgs/SLMedallion_ENU.png" alt="Get Microsoft Silverlight" style="border-style:none"/>  


Now the site won't show any warnings on any browser. Of course the Silverlight medallion will be the one you downloaded and not decided by Microsoft based on the culture. But security goes first...

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Share

About the Author

Leonardo Paneque
Architect
United States United States
Leonardo loves to code with C# on any platform and OS.
He has a Master degree in Computer Sciences and likes to share code and ideas.
Follow on   Twitter

Comments and Discussions

 
-- There are no messages in this forum --
| Advertise | Privacy | Terms of Use | Mobile
Web04 | 2.8.150428.2 | Last Updated 11 Mar 2012
Article Copyright 2012 by Leonardo Paneque
Everything else Copyright © CodeProject, 1999-2015
Layout: fixed | fluid