ansaurus

Question

Why is Chrome reporting a secure / non secure warning when no other browsers aren't?

Answer 1

+1 A:

It is possible that a non-secure URL is referenced but not accessed (e.g. the codebase for a Flash <object>).

David Dorward 2009-07-06 15:26:13

Answer 2

A:

Check the source of the page for any external objects (scripts, stylesheets, images, objects) linked using http://... rather than https://... or a relative path. Change the links to use relative paths, or absolute paths without protocol, i.e. href="/path/to/file".

If all that if fine, it could be something included from Javascript. For example, the Google Analytics code uses document.write to add a new script to the page, but it has code to check for HTTPS in case the calling page is secure:

<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>

DisgruntledGoat 2009-07-06 15:57:28

Answer 3

+2 A:

Current versions of Chrome will show the mixed content's URL in the error console. Hit CTRL+Shift+J and you'll see text like:

"The page at https://www.fiddler2.com/test/securepageinsecureimage.htm contains insecure content from http://www.fiddler2.com/Eric/images/me.jpg."

EricLaw -MSFT- 2009-07-06 23:41:41

Also, keep in mind that you should flush your browser cache when doing testing like this, because a cached insecure resource request will not hit the network and thus won't be shown by proxy debuggers.

EricLaw -MSFT- 2009-07-06 23:44:31

Answer 4

A:

I have been unable to resolve this same issue with chrome. All other browsers show my site as secure, but Chrome shows there is something insecure on the site. Ive used the Developer Tools (ctrl+shift+j) and no luck all items are beeing loaded via https.

It isnt giving and bad error messages, but I want the ! to become a lock. If I figure it out I will repost.

willis 2010-05-30 13:51:30

Like Frank Edwards...Chrome simply is giving my site the lock now...LOL, just post here and chrom will magically fix itself. I did clear my cache, but I swear it still wasnt working. Then about 5 minutes later I went back to my site and it was completely secure.

willis 2010-05-30 14:02:47

It appears you cannot just clear your cache. You must close the browser window and open a new one. Then when you navigate to your site it will show the lock. Just weird that the cache would cause this problem. You would think that all images and scripts that are cached would be stored different for https vs. http, as a subdomain would. Peculiar.

willis 2010-05-30 14:06:32

Answer 5

+1 A:

A bit late to the party here but I've been having issues recently and once I had found a http resource and changed it was still getting the red padlock symbol. When I closed the tab and opened a new one it changed to a green padlock so I guess Chrome caches this information for the lifetime of the tab

2010-09-30 07:48:58

ansaurus

tags:

views:

answers:

Why is Chrome reporting a secure / non secure warning when no other browsers aren't?

related questions