发表新帖
发表新帖

How can you tell exactly what insecure items are causing a browser to warn about mixed secure and insecure items?

后端 未结
关注
10 527
日久生厌
日久生厌 2020-12-08 09:23

In Firefox, I view my site and get no warnings about insecure mixed content.

Using FireBug, I can see that every request is https.

In Chrome, I

相关标签:
10条回答
  • 挽巷
    2020-12-08 09:24

    I found that I get the "mixed content"-warning in Chrome even when there is no mixed content, if sometime during the session mixed content was already encountered on the domain.

    (Also mentioned here: Why is Chrome reporting a secure / non secure warning when no other browsers aren't?)

    0 讨论(0)
  • 谎友^
    2020-12-08 09:24

    Do you have the HttpFox plugin for FireFox? That'd work, I think. Among other things, it reports on the URL, Method, Result Code, and bytes of all the assets that a web page requests. It's what I've used to trap the occasional non-HTTPS graphic, etc. I'm sure the other suggested tools would do the same...

    0 讨论(0)
  • 梦毁少年i
    2020-12-08 09:25

    In situations like this where it's helpful to see exactly which protocol is being used to load resources, I would recommend Fiddler2 as a browser-agnostic solution that can show you exactly what traffic is occurring on each request.

    From the site:

    Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP(S) traffic, set breakpoints, and "fiddle" with incoming or outgoing data. Fiddler includes a powerful event-based scripting subsystem, and can be extended using any .NET language.

    Edit: In-browser debugging tools are becoming really good so this third-party tool may not be as useful as it was when this answer was first written.

    0 讨论(0)
  • 小鲜肉
    2020-12-08 09:26

    Note that 'mixed content' and 'mixed scripting' are detected seperatly. Check this site for the meaning of the icons in Chrome: https://support.google.com/chromebook/answer/95617?p=ui_security_indicator&rd=1 (click 'see details' link).

    Grey icon = mixed content, red icon = mixed scripting.

    0 讨论(0)
  • 耶瑟儿~
    2020-12-08 09:27

    I know this post is old, but I ran across it and had the same issue. I clicked on the Chrome menu (top right corner), scrolled down to Tools> and selected Developer Tools. Clicked on the Console tab and it told me exactly what the problem was... the favicon was served over http, not https, but of course it was not in the page source code. Corrected the problem in my CMS, which loads the favicon without code in the page... and no more error!

    0 讨论(0)
  • 伪装坚强ぢ
    2020-12-08 09:29

    Open up the Web Inspector and find the yellow triangle (warning) in the top right. Click on it and it will display all security issues.

    0 讨论(0)
 看不清?
提交回复
热议问题