I have an SSL page that also downloads an avatar from a non-SSL site. Is there anything I can do to isolate that content so that the browser does not warn the user of mixed content?
Just an idea - either:
- try to use an SSL URL on the avatar website, if necessary by editing whatever JS/PHP/... script they provide, or:
- use your scripting language of choice to grab a copy of the avatar and store it on your server, then serve it from there.
There are a number of good security reasons for the browser to warn about this situation, and attempting to directly bypass it is only likely to set off more red flags.
Ninefingers' suggestions are good, and I would suggest a third option: you can proxy the content directly through your own server using a simple binary retrieve/transmit script, if it changes frequently and is unsuitable for caching.
If all the content you want to include from foreign sites comes from a specific server and path (i.e. http://other.guy/avatar/*) you could use mod_proxy to create a reverse proxy which makes https://your.site/avatar_proxy/{xyz} mirror http://other.guy/avatar/{xyz}. This will increase your bandwidth usage and probably slow things down.
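The retrieve/transmit script and the /avatar_proxy/{xyz} mapping suggested in the answers above, written in Python as an added example (not code from any of the posters). It pins the upstream host and path so the proxy cannot be pointed at other URLs, refuses redirects, and relays only small image responses. The host names are the placeholder URLs from the last answer; the size limit, allowed image types and file-name pattern are assumptions.

```python
import re
import urllib.request

# Assumptions: placeholder URLs from the answer; limits and types chosen for illustration.
UPSTREAM_PREFIX = "http://other.guy/avatar/"
PROXY_PREFIX = "/avatar_proxy/"
MAX_BYTES = 512 * 1024
ALLOWED_TYPES = {"image/png", "image/jpeg", "image/gif"}
# A single path segment: no slashes, no scheme or host, no percent-encoding.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-][A-Za-z0-9._-]{0,127}")


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Refuse redirects so a fetch never leaves the pinned upstream host."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


_OPENER = urllib.request.build_opener(NoRedirect)


def upstream_url(request_path):
    """Map /avatar_proxy/{xyz} to http://other.guy/avatar/{xyz}, or return None."""
    if not request_path.startswith(PROXY_PREFIX):
        return None
    name = request_path[len(PROXY_PREFIX):]
    if not SAFE_NAME.fullmatch(name) or ".." in name:
        return None
    return UPSTREAM_PREFIX + name


def check_response(content_type, body):
    """Accept only small image responses; return the media type to relay."""
    media_type = (content_type or "").split(";", 1)[0].strip().lower()
    if media_type not in ALLOWED_TYPES:
        raise ValueError("upstream did not return an allowed image type")
    if len(body) > MAX_BYTES:
        raise ValueError("upstream response too large")
    return media_type


def fetch_avatar(request_path, opener=_OPENER.open):
    """Retrieve the avatar for relay over HTTPS; return (media_type, body)."""
    url = upstream_url(request_path)
    if url is None:
        raise ValueError("path is outside the avatar proxy")
    with opener(url, timeout=5) as resp:
        body = resp.read(MAX_BYTES + 1)  # read one byte past the cap to detect oversize
        return check_response(resp.headers.get("Content-Type"), body), body
```

The HTTPS handler on your own site would call `fetch_avatar()` with the request path and send the returned bytes with the returned media type as the `Content-Type` header.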