SSL Nonsecure Items Prompt

views:

answers:

+1 Q:

SSL Nonsecure Items Prompt

Hi Everyone,

Would you happen to know of any tools that can be used to find which item on a webpage is causing the following prompt, "This item contains both secure and nonsecure items. Do you want to display the nonsecure items?"

I have a web based program, programmed in classic asp. On an SSL site, we are getting the above prompt. After searching all of my code, I have varified that there are no calls using http. The next step in the troubleshooting process would be a tool that can find the nonsecure item for me.

Any suggestions on a tool would be great

Thanks, Brian

You can use Fiddler to see all the the HTTP requests made by the page.

SLaks 2010-03-04 16:48:11

I have actually tried Fiddler already and it is a fantastic tool to use, but unfortunately it did not uncover the culprit in this mystery. Thanks for the suggestion though.

Brian 2010-03-04 17:24:59

Did you click Yes first?

SLaks 2010-03-04 17:28:41

Also, try clearing the IE cache first.

SLaks 2010-03-04 19:48:34

When we ran Fiddler, we did a few different things. We first ran it and checked to see what file it was on when the prompt first showed. It was not consistant on the file. Next we let the prompt show and clicked no to see if a file was missing, and could not find anything. Lastly, we cleared all IE cache and did it again with the same results.

Brian 2010-03-04 21:00:39

Firebug for Firefox will show you all the requests made on a page - a simple look through for which ones are http and which ones are https should do the trick.

ceejayoz 2010-03-04 16:52:45

I have used Firefox and there were not calls to http: in the list that it gave me.

Brian 2010-03-04 17:27:39

Any absolute URLS that don't start with https:// will trigger that message.

Do you have any references to about:blank anywhere? about:blank won't show up in Firebug, because it's not making a connection to anything.

Christopher Parker 2010-03-04 17:45:49

Hi Chris,I do not have any absolute URL calls. All calls are like so, "../Graphics/Users". Also, I searched all pages for "about:blank" and it returned 0. I have explored so many options for finding the root cause of this prompt and I have come back empty handed on all of them.

Brian 2010-03-04 18:16:27

What about CSS? Are any stylesheets loading images over `http:`?Does anything break when you click "No" on the prompt?

Christopher Parker 2010-03-04 19:13:26

We were thinking CSS, but when 'no' is clicked on the prompt, the page is rendered correctly. There is nothing missing. This is a huge mystery.

Brian 2010-03-04 20:03:29

Is your Web application accessible from the Internet, or is it just on a firewalled dev box at the moment?

Christopher Parker 2010-03-05 15:14:07

This may be helpful to you: http://weblogs.asp.net/rchartier/archive/2008/03/12/ie7-this-page-contains-both-secure-and-nonsecure-items.aspx

Christopher Parker 2010-03-05 15:20:01

+2 A:

After searching through all the code again, I discoverd an IFRAME that had a missing source. I gave all the IFRAME's a source of "javascript:false" and the warnings no longer appear. Thanks for everyones help on this!!

Brian 2010-03-09 16:06:54

D'oh! Glad you were able to figure it out.

Christopher Parker 2010-03-11 00:02:25

ansaurus

tags:

views:

answers:

SSL Nonsecure Items Prompt

related questions