How to serve static content without https in a secure site?

https internet-explorer
5,214

Internet Explorer and I think some other browsers will warn a user when the assets for a site using the https protocol are served from http. The first best solution is to allow your static asset server to serve secure content and have your site use a consistent protocol. The second best solution is going to be to create a page on your secure site that is a proxy, basically you need to create a dynamic page that calls the external page or asset, and returns it through that proxy. How that page is written depends on what dynamic programming language is available to you on the secure server.

Basically IE has a legitimate security issue with mixing protocols. It knows it can trust the https server, but does not trust the http one.

Share:
5,214

Related videos on Youtube

licorna
Author by

licorna

Flutist and programmer.

Updated on September 17, 2022

Comments

  • licorna
    licorna over 1 year

    I want to serve static content from my site but my site is https-only. My static http server only serve http content (non https) but many IE users are complaining about being unable to log into.

    What do I need to do? Should I add https to my static-content http server?

  • nedruod
    nedruod almost 14 years
    Other browsers degrade in less noisy fashions for mixed content, often modifying the behavior of the 'padlock' icon that only half of the Internet population pays attention to. I agree that IE is doing 'the right thing (TM)' by throwing an obvious warning. It is correct, some elements were sent securely, some were not.
  • Metalshark
    Metalshark almost 14 years
    The sooner there is native support to block cookies to HTTP when using HTTPS the sooner this message can disappear and stop causing problems. Its not like the additional HTTP headers are even wanted for the static content that is served away from the HTTPS page.
  • Bruno
    Bruno about 12 years
    @Metalshark: it's far more than about cookies. When you look at an HTTPS page, you want to be able to trust everything it says. Someone could forge an image and replace what it shows/says, for example. You also want to link to trusted, non-altered scripts.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

@Font-Face won't load via https in IE
jQuery.load(), mixed HTTP/HTTPS and Internet Explorer
Identify "non-secure" content IE warns about
How to accept a HTTPS server's invalid certificate in a given client machine?
Why Google is no longer working with IE 6.0 SP1 in 2016?
Certificate error with Internet Explorer 9
Cookie not send in IE, when used in an IFrame from another domain
Prevent Internet Explorer from caching SSL client certificates
What makes the address bar in IE turn green?
IE https CORS XHR request fails with Script7002: XMLHttpRequest: Network Error 0x2eff