This is the image I see in googles security panel when hitting F12 when accessing the site that I am trying to develop. I have no idea how to fix this issue so that the site comes up as secure. How can I find what resources it is referring to?
The issue was that some of my images were not going through the SSL layer. I had to install Firefox dev edition and see what resources were causing the issues using Firebug. Once I fixed that, the site popped up as secure.
Related
We are in the process of implementing Success Factors LMS, and trying to play and view SCORM compatible files exported from Adobe Captivate 8 and 9 in Success Factors LMS.
I get the message - 'ERROR – unable to acquire LMS API, content may not play properly and results may not be recorded. Please contact technical support’
I have tried SCORM versions 1.2 v3 and 2004 V2 and V4. We can view the content, however it does not track, show as complete etc.
We are also producing Scorm compliant files using Skillcast and Articulate, but we still hit the same issue, we can view the content after closing the API error window, but still does not track.
Anyone experienced this problem before? Or know of a fix?
Many thanks
Normally this issue comes up when the course is unable to get the SCORM API from the LMS...I have seen a ton of SCORM content running in Success Factors before, so I wonder if the issue is in the setup. Are you seeing any "Access Denied" type errors in the browser element inspector/developer tools? I wonder if the course just can not find/have access to the player window. If the course is launching in a new window, you may want to try launching it in the frameset. I have seen folks get around this issue by making sure the player and sco are in the same window...
If you wanted to rule out the content being the issue, you can always test your content in the SCORM Cloud's free sandbox (https://cloud.scorm.com) to make sure the course is properly asking for the API...
If you have any other questions, we would be happy to help...you can just shoot us an email at support#scorm.com.
Thank you!
Joe
The error occurs because the content is not speaking to the Learning Management System (LMS). The code that runs to initialize the session doesn't happen. There is no return "ping" from the LMS.
You will get this error when you publish in SCORM and run from your desktop, or from a web server that isn't connected to an LMS. If it occurs when you are launching from an LMS it can either mean that the SCORM API isn't configured correctly, or your content server is on a different domain (cross-domain) than your application servers.
To test, you should try launching your content in different browsers. Our system was configured in such a way that Firefox and Chrome read our content to be cross-domain issue, and threw the SCORM API error, but Internet Explorer worked just fine.
In the end, it was determined that our server configuration in tandem with our firewall and security settings read the Content server as cross-domain and we had to redeploy our content servers within the firewall.
I am sorry that I am not able to provide much info because I totally have no idea about this weird problem.
I have a fb canvas app which is written by rails 3.2.2 .
There is not any problem on my local machine (Mac OS X 10.7.4).
When I deploy it to heroku, it is fine with chrome and firefox. However, when I use Safari to browse it, Safari can't get any cookie from heroku. (it shows "This site has no cookies" in developer tool, but it works well on my local machine.)
I have googled this problem, and I get something like this and this, but I don't think these are the case of mine.
any suggestion?
If you need any specific info about my code to solve this problem, please let me know.
I will appreciate it very very much!!
I finally found out that it's a problem of safari's security setting.
As fb canvas gets heroku's content through iframe, there may be security issues. If we donwgrade the 'Block cookies' of safari's privacy settings from 'From third parties and advertisers'(default) to 'Never', everything works well!
However, I don't think asking users to downgrade their security settings is a good idea. I am wondering whether there is a solution to avoid this restriction in safari.
please let me know if you have any idea. many thanks :)
I'm trying to find a non-SSL resource that is being loaded on my site.
This happens occasional where one of us forgets to use the https version of a resource (like some js in a CDN).
My question is there any firebug-like tools to find these "Turds in the punch bowl"? I want my green padlock back :)
Besides Firebug, which you've mentioned, you can use the developer tools in Chrome:
Tools menu -> Developer Tools
Go through the list of loaded resources in the Network tab
Alternatively, the HttpFox extension for Firefox can also be useful. It will keep logging the traffic even when you change pages, which may be useful in some cases.
(This is very similar to Firebug.)
mitm-proxy is great for stuff like this - http://crypto.stanford.edu/ssl-mitm/
You run it on your local machine in a console window, set your browser to use it as a proxy, and you can watch /log everything that your browser requests. It's a little noisy since it shows SSL hand-shaking and file contents, but you can filter that down. When you need to debug SSL communications it's invaluable to see those details though..
mitm-proxy is based on http://grinder.sourceforge.net/g3/tcpproxy.html which has more in the way of scripting capabilities.
I have an ASP.NET site which should transport completely over HTTPS. However, in Google Chrome I get a warning that the page includes resources which are not secure. How can I find out which those resources are and why they wouldn't be going over HTTPS?
I've just had this problem in Chrome also. I checked in the Network tab but all resources were loaded over https.
Solution: close Chrome and re-open.
Chrome must cache its secure-content detection so that even when you fix the problems the insecure content message won't disappear.
Usually this occurs because you are loading Images, javascript include files or external CSS files without using https. You can use a program such as FireBug: http://getfirebug.com/
FireBug will tell you how your elements are loading and which aren't going through the ssl layer. If you don't have firefox, then I am pretty sure Chrome also has something similar to FireBug built in.
Here's how to use firebug:
Open firebug
Click on the Console Tab
Reload the page
Any https errors will show in the console and tell you which resource is not working.
Hope this helps
I have nothing to do with the people providing this online script, but it's easy and can be bookmarked in any browser.. works well and quickly to solve the problem.. http://www.whynopadlock.com
In Google Chrome: You can view the offending resource in the Console tab of the Inspect Element window.
It will be listed as:
The page at https://example.com/page displayed insecure content from http://example.com/resource
Of course you might have to reload the page with the Inspect Element window already open.
One of the easiest ways to do it is to right-click the page in Firefox and select View Page Info. Then go to the Media tab and find anything that is loading from http instead of https.
We've scratched our own itch and wrote a tool that crawls your web-site and tells you what pages have non-SSL resources on them. You just need to enter the root URL of your web site – no need to check every page manually.
http://www.jitbit.com/sslcheck/
I noticed that when I had this problem that a toolbar(uTorrent) was causing the error. I removed the toolbar and the error went away. Not sure why a toolbar would cause an error on my site, but no more problems here with the SSL certificate.
To add to this I right-clicked on the column headings in the Network tab view and selected Protocol.
If you then click on the Protocol heading, the contents of the report will be grouped by HTTPS, etc
In Chrome, you can find out which resources were loaded via http versus https by doing the following:
1) In Wrench menu, choose Tools > Developer tools
2) Click on "Resources" toolbar icon
3) Expand the Frames folder to see the different pages. Expand the page whose resources you want to see. The individual Resources for the page are then listed, broken down by Images, Scripts, and Stylesheets
4) To see the URL that was used to load that resource, just hover the mouse over the resource name and the URL will appear, either with http or https. You can also click on an image name to see the image on the right side, along with its URL
Chrome has their own developer tool.
you can right click a page, inspect it.. and then click the "network" tab and reload the page. you'll see the workflow.
I dont know if any one will be checking this answer
Or you might have found the solution already, but anyway, my answer might help other people suffering from similar issue
http://www.whynopadlock.com/
This is the link that I used to check the insecure content /file which was being loaded to my page.
Hope it helps. :)
I just discovered same behaviour in chrome (firefox showed a green lock), even though all resources were loaded via https.
The reason in my case was that the server supported broken (google poodle) SSLv3.
Setting ssl_protocols to exclude SSLv2 in nginx.conf like so
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
fixed the problem for me.
I consider it unfortunate that chrome doesn't make this reason more transparent. "this page loads some resources insecurely" is very misleading if not wrong.
If you want to crawl your own site from your own desktop for a list of all reasources loaded (not loaded by javascript though, which is worth bearing in mind), if using windows you can use Xenu's link sleuth. Export the TSV file and then right click and open with excel, then sort by URL, you can then find those pesky http resources for all pages on the site!
I have a site and i implemented ssl there. but when i browse it, the security seals dont come. i asked to godaddy, they replaid:
Thank you for contacting online support. I cannot replicate the issue you have described. The error you described is caused by the way your site has been designed. If you receive this error, you have a combination of secure and non-secure objects on the page. For example, if your secure website was https://www.domain.tld and you added an object (an image, script, flash file, etc.) to that page that was located at http://www.domain.tld/image.jpg, you would break the seal.
You will need to change your design to
link to objects using https (ie
https://www.domain.tld/image.jpg) or
modify your site design to use
relative paths (/image.jpg).
This error can only be corrected by
modifying your site design. Please
contact your web designer or the
manufacturer of your web design
software if you require additional
assistance modifying your site design.
but the problem is i made everything,all my images javascripts are unders https, but the seal still not coming, saying: some content insecure. what is the problem.
Your problem is in line 8 of jqueryslidemenu.js:
var arrowimages={down:['downarrowclass', 'http://lendersutopia.com/images/down.gif', 23], right:['rightarrowclass', 'images/right.gif']}
You should change it to
var arrowimages={down:['downarrowclass', 'images/down.gif', 23], right:['rightarrowclass', 'images/right.gif']}