8

We are looking for solution to resolve strange IE browser behaviour when Mixed Content Warning Dialog appears.

We develop a video platform based on Silverlight 5. The site relies on the HTTPS protocol, but video content is being transmitted via HTTP. Therefore the "Mixed Content" dialog appears.

But when user starts to interact with this dialog (like moving it around) or tries to click on application area IE freezes:

enter image description here ​ And this very much upsets our users as they can not switch the setting "Display Mixed Content: Prompt".

Sometimes IE opens the "Mixed Content" popup in the background and users cannot understand at all what happens because they cannot access the application and then the browser crashes.

I cannot share link to the application, but the same issue appears at the following site: https://demos.telerik.com/silverlight/

Also we created a test app without complex logic using pure SL 5. It just downloads a picture from HTTP host, then the "Mixed Content" dialog appears, and then when users taps to app area or try to move dialog, IE hangs.

So, the questions are:

  1. Is this a known native bug of IE or Silverlight and it is impossible to fix or workaround?
  2. Otherwise, how we can fix this issue in our app?
Spontifixus
  • 6,570
  • 9
  • 45
  • 63
Alex Karlovich
  • 81
  • 4

2 Answers2

1

The best thing to do would be to eliminate all insecure requests to HTTP resources as follows:

  1. Run Fiddler on the machine with the Silverlight app running and capture all HTTP(S) traffic.
  2. Visually scan for all insecure requests generated from the application (requests to HTTP URLs)
  3. Update all code in the Silverlight app to retrieve content from HTTPS secure URLs only.

Once this is complete, you will no longer be receiving "Mixed Content" messages because all of your content will be served over HTTPS.

As an FYI, the answer here contains a nice visual on how to do this:

Fiddler Insecure Content

Community
  • 1
  • 1
dana
  • 17,267
  • 6
  • 64
  • 88
  • That solution might be not suitable in cases when 3rd parties provide some content. But they cannot provide content via HTTPS. – Alexander Stepaniuk Sep 30 '15 at 19:12
  • If the video streaming service that you are using does not support HTTPS, I would consider using another one. The 3 big providers that I know of (Vimeo, Birghtcove, and YouTube) all support this. The alternative would be to host the Silverlight app on an insecure URL. Those are unfortunately the rules when dealing with mixed content. – dana Oct 01 '15 at 03:30
0

Based upon your earlier reply that third parties might be providing content in insecure fashion, then accessing the security settings of the browser and globally turning off the mixed content warning might be acceptable.

Internet Options -> Security -> Internet -> Custom Level->Display Mixed Content.

https://wiki.canisius.edu/display/hd/Eliminate+Internet+Explorer+Mixed+Content+popup

Reenactor Rob
  • 1,508
  • 1
  • 11
  • 20