Wednesday, September 21, 2011

This page contains both secure and nonsecure items Security Warning in IE


When you browse to a page through HTTPS, you may receive following Security Information warning message mostly in IE browser.



1) This normally occurs because some external references exist with blank URLs (iframes, images, stylesheets, etc) that are filled in later via Java Script.
These blanks refs can sometimes be the culprit because they are internally http objects when default and via script are set to a correct URL https.


For eg:
    <iframe id="iframeID" src="" > 
    </iframe >

Here, src attribute is kept blank.


Approach 1:
To fix this we can either set some blank.html file which will be an empty file to src attribute 

<iframe id="iframeID" src="blank.html">
</iframe>

Then through script we can set the correct URL.


Approach 2:
We can set the src attribute to javascript:'';
  <iframe id="iframeID" src="javascript:'';">
  </iframe>

2) Change all links to relative path.


if the images or scripts are located on the same domain, you can access them relatively, rather than absolutely:


For eg: 
  <img src="/images/header.gif"/>

Using this method, the browser will know that it must load the image securely if the web page is being loaded securely but it will also load the image normally if the page is not being accessed securely. This is likely the best method of gettingrid of the above issue.

No comments:

Post a Comment