Quick tips for https connection (Non secure content warning – IE)

by Mr Me on May 18, 2010 in html, webworld

browsers_dhtml

If you are using https pages or some of the pages (payment pages etc) in your website, keep the following in your mind. In some browsers especially IE shows warning of non-secured content in secured page. This cause user the feeling that the website is not secured.

Use relative url always. Relative URL means those without starting with http:// or https://, instead use relative url.
If you need to use full url, use dynamic base name in with your programming language.For example in PHP, define BASE_URL = http://www.yoursite.com and use this variable in every links and forms. Change the BASE_URL value between http and https depending upon the protocol ($_SERVER['HTTP_HOST'])
Check inside javascript function whether it is calling any non-secured url. (For example, sometime you may use full url inside Javascript). Check using if condition to decide, which protocol to use, like what Google Analytic does.
eg: (“https:” == document.location.protocol) ? “https://ssl.” : “http://www.”);
Check if there is any flash content which tries to load data from non-secured url. There is a chance to load some xml configuration files using http protocol
Also change the codebase parameter value in object tag (flash or other media) whether it is pointing http or https url. There is a chance for this url in flash content.
codebase=”http://download.macromedia.com/pub/shockwave /cabs/flash/swflash.cab#version=9,0,115,0″
Change this url to https://downoad…
If you are using facebook connect or such integration, check the javascript initialisation code.
FB.init(“78bc8ffb87c41eabb6395a2045c76021″, “/xd_receiver.htm“);
Inside the xd_receiver.htm file, the cross platform callback will be non secured url (http)
Change this to xd_reciver_ssl.htm and use new code, which is available in Facebook documentation

Tools like Fiddler can be used to check which url is non-secured. Firebug cannot show all non-secure connections. If the above steps do not solve your problem, try disabling javascript files one by one to point out which call is making the problem. Also try this by disabling Flash objects one by one.

Good luck guys

Cheers

Sajith

1 Comments alert, Browser, featured, http, https, https warning, ie, non-secure content, protocol, safety, security, warning

One Response to “Quick tips for https connection (Non secure content warning – IE)”

pest June 29, 2011 at 4:48 pm #

once they login to Facebook.

Reply

About the author

Specialising in PHP, MVC, Agile, LAMP and iPhone Application Development, Sajith has over 5 years experience in the web programming industry during which time he has had his work featured in high profile lists on sites like Mashable. He was a talented and efficient member of the Cyber-Duck programming team, working alongside some of the best in the industry. Co-Founder of MobMe Wireless Pvt Limited, Sajith also has considerable experience in successful business management, having helped to excel the company to become listed as one of the "10 startups to watch in 2008" by the Wall Street Journal and by NASSCOM as one of the "100 most innovative companies in India", joining others like Texas Instruments, Tata Consultancy Services, Satyam and IBM. This technical blog is started three years before which now receives more than 120,000 visits each month and has more than 4000 subscribers.