1

I have a site with all secured content. Everything is loaded using https. I have verified this using fiddler2, the built-in debugger, and the DebugBar plugin. Nothing is loaded using http. Nonetheless, I am still getting the "Do you want to view only the webpage content that was delivered securely?" when I try to load the page in IE8. My users are complaining and I don't have a clue how to fix this. They are not computer administrators and cannot change the security policy for IE on their machines.

datadamnation
  • 1,802
  • 3
  • 16
  • 17
  • 2
    Check for javascript that makes requests, iframes, and also check for redirected items. There must be something there not using https, have a break and then come back to it. I've been in a similar situation, went for a pint and then found the offending item straightaway:) – Geezer68 Jan 22 '14 at 21:49
  • [This](http://stackoverflow.com/a/34094617/2404470) maybe useful for end users – Zameer Ansari Dec 11 '15 at 09:13

2 Answers2

1

I figured out the problem and figured I'd post it here in case anyone else ever comes across this issue. The problem is that IE8 was treating the CSS background property with a relative URL as unsecure. So I had something like this:

.SomeRule
{
    background: url('/SomeFolder/SomeImage.png') 95% 50% no-repeat;
}

and I had to change it to this to make the warning go away:

.SomeRule
{
    background: url('https://www.SomeSite.com/SomeFolder/SomeImage.png') 95% 50% no-repeat;
}
datadamnation
  • 1,802
  • 3
  • 16
  • 17
  • I encountered the same thing. Using `background:url('/img/copy.gif')` results in this mixed content error using https. Did you find a solution to this? Without having to hard code it to "h t tp s://mydomain/img/copy.gif" – A.W. Sep 29 '15 at 11:25
0

I had a similar problem with a WordPress site where I recently added SSL. Obviously, something was being loaded with HTTP protocol, but what?

First, I checked the obvious:

  • I checked embedded page and post images for fully qualified paths using http protocol.
  • Then I checked links relative to the root as #datadamnation suggested in his solution.
  • Next I looked in my CSS to see if a background image URL used the http protocol.
  • I checked my plugins and my plugins CSS.
  • I checked the content in the sidebar widgets.
  • I checked the images loaded in the carousel slider.

Finally, I checked the theme's header image. When I looked at it using Firebug, I could see that it was still using http. To correct it, I had to remove the WordPress header image, and then add it back again and save. Refresh the page, and now the mixed content warning message is gone! It would have saved me a couple of hours of trial and error if I had done this first, so maybe you'll read this and save yourself some time.

Joe N
  • 51
  • 1
  • 7