tags:

views:

58

answers:

3
+2  Q: 

Page contains both secure and nonsecure items

I'm working on a legacy web application - frames and a mixture of html, asp and aspx. The entire site is https.

For some strange reason when I hit a specific page I get the magic message that says the Page contains both secure and nonsecure items. (IE obviously doesn't want to tell me what those resources are) I have checked the page that's being loaded and there are absolutely no http://... links - everything is relative links. I have fired up fiddler and checked what's being requested - everything looks fine.

I am completely at wit's end here. I have absolutely no idea why I'm getting this message, but it's completely screwing with the site.

How do I track down the underlying cause?

A: 

If you have any hidden frames loading pages for some data transfer - check they aren't getting a 404 as this will trigger IE to see and http request.

ck  2010-09-17 10:18:46
I've checked that there are no 404's in fiddler. Actually, only 404 is for favicon.ico, but that can't be the issue.
Jaco Pretorius  2010-09-17 10:33:20
@Jaco - it *could* be the issue - try supplying something arbitrary and see...
ck  2010-09-17 11:10:38
A: 

Using a tool like Charles or Fiddler it should be possible to see all traffic and detect the problem. I actually had a similar issue a while back and mine was caused my a minified version of prototype/scriptaculous i was using so it could be worth trying to remove any javascript and go from there if nothing else is apparent.

seengee  2010-09-17 10:24:33
Did you read this bit? "I have fired up fiddler and checked what's being requested - everything looks fine."
Jaco Pretorius  2010-09-17 10:29:47
@Jaco - no idea how i missed that, sorry. Fiddler should help but as i mentioned above it didnt actually help me. It seems the problem is often javascript related. Have you tried checking if the error still appears with JS disabled?
seengee  2010-09-17 10:36:28
assuming there is external javascript in the page that is ...
seengee  2010-09-17 10:39:09
I disabled JavaScript and still got the same issue
Jaco Pretorius  2010-09-17 11:46:41
+1  A: 

Some ideas:

  1. Do you have an iframe which is set to load the "about:blank" URL rather than an actual blank HTML page. IE will see about: url as not being part of the secure site.

  2. Are you using any IE hacks which involve the CSS "behavior" style? This is an MSIE-specific feature which is used by a number of hacks to get IE to be more compatible with modern standards. They load HTC files, but there are some quirks and unusual rules around how IE handles them with respect to the rest of the page environment.

  3. Do you have an third-party stats apps on your site (google analytics, etc)? Have you checked that they are loading via https?

  4. Do you have any Javascript or CSS which includes subsequent files?

  5. Have you tried it in other browsers which might have better tools for analysing the site than IE6? (IE8 has a very handy 'Developer Tools' feature, though I still think Firefox + Firebug is the best browser debug tool available)

Spudley  2010-09-17 11:56:02
Finally realized I have a CSS file which loads resources which don't exist. The weird thing is when I hit the page directly IE doesn't report an error, but when I redirect back to the page it does. Any idea why this happens? Also, Fiddler didn't report that the resources don't exist. I'm rather confused.
Jaco Pretorius  2010-09-20 07:11:47
I can't give a difinitive answer to that! But IE is particularly good at producing weird results like that. My guess is that there's a difference in how IE handles direct 404 errors and cached ones. Maybe if it knows a request is going to give a 404 error, it doesn't bother trying to load it again, and just goes to about:blank or something like that? But as I say, I can't really be sure what's going on there. Glad you solved it though.
Spudley  2010-09-20 10:17:48

related questions

Autosizing Textarea
Regular expression for parsing links from a webpage?
What are good tools for creating compiled HTML help files (.chm)?
Looking for WYSIWYG HTML editor
Any reason not to start using the HTML 5 doctype?
HTML comments break down
HTML Comments Markup
Setting a div's height in HTML with CSS
Wrapping lists into columns
Is a "Confirm Email" input good practice when user changes email address?
<XMP> Tag
HTML version choice
Options for HTML scraping?
How do you disable browser Autocomplete on web form field / input tag?
How do I make a checkbox toggle from clicking on the text label as well?
Html CSS Editor
Wordpress theme development offline tools
How do I give my web sites an icon for iPhone?
In HTML, how to word-break on a dash?
Detecting font in JavaScript
How do you test layout design across multiple browsers/OSs?
How do I print an HTML document from a web service?
Multiple submit buttons on a HTML form
How can I determine a web user's time zone?
Why doesn't the percentage width child in absolutely positioned parent work in IE7?