I deployed my application on google appe engine. My web site use Dojo with the template claro. When I run "google chrome inspection", I see a lot of warning when I navigate throught my site. Here is the type of warnings :
The page index.html ran insecure content from http://ajax.googleapis.com/ajax/libs/dojo/1.5/dijit/themes/claro/claro.css.
The page index.html ran insecure content from http://ajax.googleapis.com/ajax/libs/dojo/1.5/dojo/dojo.xd.js.
Do I need to configurate something in the appengine-web.xml or web.xml?
If your page is always accessed by secure url (https) then you might try accessing the secure versions of those include files. I think you can just use https: in place of http: in the url for those two files.
If you want to get fancy, you can check to see if the page is secure and pick either the secure or non-secure version of the link. I can post a sample of that if you need it.
Addendum: To save people time, I am posting @mercator's superior solution here:
No need to get fancy. If you want to pick the secure or non-secure version depending on whether your own site is secure, you can use a protocol-relative link. E.g. //ajax.googleapis.com/ajax/libs/dojo/1.5/dojo/dojo.xd.js
what if the site doesn't support https?? For instance, I'm sending the request to world bank, which only supports http?
EDIT: on chrome, click the "shield" icon on the right of the address bar.
Chrome Inspection validates only client side code, not server side. So, server configuration in appengine-web.xml/web.xml doesn't matter here.
At this case it says that your html is using some external code, from other sites, that can be insecure. It not a big problem, btw. But if you wish, you can copy this files (claro.css and dojo.xd.js) to your own site to fix this issue.
来源:https://stackoverflow.com/questions/7309013/warning-the-page-index-html-ran-insecure-content