By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
458,019 Members | 1,255 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 458,019 IT Pros & Developers. It's quick & easy.

masterpages and secure and nonsecure items warning

P: n/a
Hi guys!

I use masterpages for my website,
the inside content is secured (https),
while the header and the footer master files are not,
so, can I get rid of the "This page contains both secure and nonsecure
items" warning?

Thanks in advance!
Jun 14 '07 #1
Share this Question
Share on Google+
10 Replies


P: n/a
Your page will be referencing items using http://. eg

<img src="http://www.someserver.com/someimage.jpg">

To get rid of the warning all items need to be retrieved via https. View
Source on your page and see what you are not getting via https

"patrickdrd" <pa********@discussions.microsoft.comwrote in message
news:35**********************************@microsof t.com...
Hi guys!

I use masterpages for my website,
the inside content is secured (https),
while the header and the footer master files are not,
so, can I get rid of the "This page contains both secure and nonsecure
items" warning?

Thanks in advance!

Jun 14 '07 #2

P: n/a
"patrickdrd" <pa********@discussions.microsoft.comwrote in message
news:35**********************************@microsof t.com...
I use masterpages for my website,
the inside content is secured (https),
while the header and the footer master files are not,
so, can I get rid of the "This page contains both secure and nonsecure
items" warning?
The warning can be switched off in most browsers, but the users would have
to do that themselves - it's not something that the website can control.

Is there any reason that your MasterPage(s) can't also be in your site's
secure area...?
--
http://www.markrae.net

Jun 14 '07 #3

P: n/a
Yes, the (obvious) reason is... performance,

however I noticed that,
if someone navigates to e.g.:

https://www.ultraedit.com/store/cust...me.php?cat=269

there are no warnings,
while,
if you go to page's source,
there are "http" links

"Mark Rae" wrote:
"patrickdrd" <pa********@discussions.microsoft.comwrote in message
news:35**********************************@microsof t.com...
I use masterpages for my website,
the inside content is secured (https),
while the header and the footer master files are not,
so, can I get rid of the "This page contains both secure and nonsecure
items" warning?

The warning can be switched off in most browsers, but the users would have
to do that themselves - it's not something that the website can control.

Is there any reason that your MasterPage(s) can't also be in your site's
secure area...?
--
http://www.markrae.net

Jun 14 '07 #4

P: n/a
"patrickdrd" <pa********@discussions.microsoft.comwrote in message
news:65**********************************@microsof t.com...
Yes, the (obvious) reason is... performance,
Ahem...
however I noticed that,
if someone navigates to e.g.:

https://www.ultraedit.com/store/cust...me.php?cat=269

there are no warnings,
while,
if you go to page's source,
there are "http" links
Yes, that's right... If an https page has links to http resources, the
warning doesn't appear, but if an http page has links to https resources, it
does...

It's a security thing...
--
http://www.markrae.net

Jun 14 '07 #5

P: n/a
Yes, that's right... If an https page has links to http resources, the
warning doesn't appear, but if an http page has links to https resources, it
does...

It's a security thing...
The strange thing is that my page IS https (has http links however) and
still there are warnings!

Jun 15 '07 #6

P: n/a
The strange thing is that my page IS https (has http links however) and
still there are warnings!
It is the http links that are causing the warning. What the browser is
telling you is that although the page's HTML has been received over HTTPS
not everything on the page has been retrieved over HTTPS so not everything
on the page can be guaranteed as secure.
Jun 15 '07 #7

P: n/a
"patrickdrd" <pa********@discussions.microsoft.comwrote in message
news:FC**********************************@microsof t.com...
>Yes, that's right... If an https page has links to http resources, the
warning doesn't appear, but if an http page has links to https resources,
it
does...

It's a security thing...

The strange thing is that my page IS https (has http links however) and
still there are warnings!
I must apologise - I got that completely the wrong way round...

If an http page has links to https resources, the warning doesn't appear,
but if an https page has links to http resources, it does...
--
http://www.markrae.net

Jun 15 '07 #8

P: n/a
so, what should I do,
convert all my links to https?

Then the problem would be,
in order to navigate to an external site (url),
if that isn't https,
the page would never open!

"Mark Rae" wrote:
"patrickdrd" <pa********@discussions.microsoft.comwrote in message
news:FC**********************************@microsof t.com...
Yes, that's right... If an https page has links to http resources, the
warning doesn't appear, but if an http page has links to https resources,
it
does...

It's a security thing...
The strange thing is that my page IS https (has http links however) and
still there are warnings!

I must apologise - I got that completely the wrong way round...

If an http page has links to https resources, the warning doesn't appear,
but if an https page has links to http resources, it does...
--
http://www.markrae.net

Jun 15 '07 #9

P: n/a
"patrickdrd" <pa********@discussions.microsoft.comwrote in message
news:32**********************************@microsof t.com...
so, what should I do,
convert all my links to https?
Yes, if you want the warning to disappear...

Either that, or move all of the images etc into the same site and use
relative addressing...
--
http://www.markrae.net

Jun 15 '07 #10

P: n/a
In article <32**********************************@microsoft.co m>,
patrickdrd <pa********@discussions.microsoft.comwrites
>so, what should I do,
convert all my links to https?

Then the problem would be,
in order to navigate to an external site (url),
if that isn't https,
the page would never open!
I think you're confusing links with resources.

If you load a page under SSL, then any resources loaded by that secure
page, such as images, stylesheets, Javascript files, etc must all be
loaded under SSL to avoid having the warning.

However, you can have external links, ie <a href="http://www.blah.com/">
that point to non-SSL URLs as these are not loaded with the page.

So, you only need to check that anything actually loaded by your page is
under SSL. Any external links are irrelevant.

HTH

--
Alan Silver
(anything added below this line is nothing to do with me)
Jun 18 '07 #11

This discussion thread is closed

Replies have been disabled for this discussion.