3

Love searching on Stackoverflow for answers, but this is my first post. Hopefully others find this useful as well!

I have a site that needs to be https because it hosts facebook apps. I have it set up (dedicated IP and SSL certificate) but when I visited it via https I get the following warning:

This page has insecure content.

I did some research and discovered this is a common issue. Fixing our internal files is not a big deal, but we rely heavily on outside resources, like the jquery library (which is http not https). I used the Protocol Relative URL method (can't post link because I'm limited to two hyperlinks, so see comment below) which seems to work for a lot of people. However, when I made the changes in Chrome, I still get this warning: [blocked] The page at https://www.greetfeet.com/ ran insecure content from http://code.jquery.com/mobile/1.1.0/jquery.mobile.structure-1.1.0.min.css

If I'm having this issue I can only assume that my customers will be as well. Any idea how to fix this?

Thanks!

Jeremiah Prummer
  • 182
  • 4
  • 18
  • Protocol Relative URL method found at: http://blog.httpwatch.com/2010/02/10/using-protocol-relative-urls-to-switch-between-http-and-https/ – Jeremiah Prummer Jul 21 '12 at 23:00
  • 2
    If your site must be HTTPS, then the "protocol relative URL" method is irrelevant. You won't be able to load insecure scripts/css on an HTTPS page, so you'll have to find a workaround like hosting them yourself. – gengkev Jul 22 '12 at 18:38
  • @gengkev Thanks for the help! The stuff I read said that you could just reference it as if it were https but that clearly wasn't working. – Jeremiah Prummer Jul 23 '12 at 15:29

2 Answers2

2

Google hosts commonly used libraries (including jQuery and jQueryUI) on HTTP and HTTPS both, e.g.:

https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js

(Use this whenever you can, your users might already have it in their browser cache, making your site load up faster.)

Other things you may need to host yourself unless reliably available for the public via HTTPS.

The protocol relative URL is only needed if your site is accessed via HTTP by some people and HTTPS by some other people: Making resource references "protocol relative" will make people request the resource using the same protocol they used to retrieve the referencing page itself. If your site is HTTPS-only, then you don't even need to use protocol-relative URLs, you can hard-code https:// everywhere. But it does not hurt, so you can use it nevertheless.

Szocske
  • 7,466
  • 2
  • 20
  • 24
-1

An https URL to JQuery? If it doesn't work, the problem is at the site, not in your code. If the site sends pages with http: URLs, non-relative, and you access it via https, you are engaged in mixed-content retrieval. Either don't visit those sites or don't use HTTPS.

user207421
  • 305,947
  • 44
  • 307
  • 483
  • Thanks for the reply, but I was just using that as an example. There are many sites that don't have https at all, and the only way to access their resources is with http. Do you know how to fix this issue? – Jeremiah Prummer Jul 22 '12 at 15:17
  • @JeremiahPrummer You can't fix it. The problem is at the site, not in your code. If the site sends pages with http: URLs, non-relative, and you access it via https, you are engaged in mixed-content retrieval. Either don't visit those sites or don't use HTTPS. – user207421 Sep 27 '12 at 08:20
  • 1
    @downvoter Unless you want your down vote to be construed as mere site vandalism, it is incumbent on you to explain what you think is wrong with this answer. – user207421 Sep 27 '12 at 09:59
  • @EJP [Ahem...](http://stackoverflow.com/questions/2137690/java-operator-precedence-guidelines/13353263#13353263) – Museful Dec 13 '12 at 10:26