I'm trying to show amazon banner on my website. Here's the banner's default code:
<script type="text/javascript" language="javascript">
var aax_size='160x600';
var aax_pubname = 'username';
var aax_src='302';
</script>
<script type="text/javascript" language="javascript" src="http://c.amazon-adsystem.com/aax2/assoc.js"></script>
This is the error I'm getting if I don't change the http link:
first:1 Mixed Content: The page at 'https://example.com/' was loaded over HTTPS, but requested an insecure script 'http://c.amazon-adsystem.com/aax2/assoc.js'. This request has been blocked; the content must be served over HTTPS.
Now if I change the url src as https://c.amazon-adsystem.com/aax2/assoc.js. The amazon banner is loading but the padlock is breaking with the following message in the console:
Mixed Content: The page at 'https://example.com' was loaded over HTTPS, but requested an insecure frame 'http://s.amazon-adsystem.com/iu3?d=assoc-amazon.com&rP=https%3A%2F%2Fexample.com'. This request has been blocked; the content must be served over HTTPS.
The above url http://s.amazon-adsystem.com/iu3?d=assoc-amazon.com&rP=https%3A%2F%2Fexample.com is in the javascript hosted by amazon which I can't change. Is there a way to fix it?
Most services which support https but provide http will accept https://our.site.com as an alternative to http://our.site.com. Have you tried just changing the protocol from
"http://s.amazon-adsystem.com/iu3?d=assoc-amazon.com&rP=https%3A%2F%2Fexample.com"
to
"https://s.amazon-adsystem.com/iu3?d=assoc-amazon.com&rP=https%3A%2F%2Fexample.com"
just clear your browser cache or try it in private/incognito window with your HTTPS changes. It can be a browser level issue.
As amazon is using Protocol Relative URL in this script. So there is no where hard coded http or https.
You can view the same by beautifing the code in http://c.amazon-adsystem.com/aax2/assoc.js
By changing http:// to https:// it worked for me.
Related
I've uploaded a new static blog to GitHub Pages using Ghost and Buster.
Github Repo: https://github.com/paddy420Smokers/cannalogie
I've added the code below to force all pages to use https:// , on the Frontpage and Category Pages its working fine, but on Posts only https:// is there but it's not fully secured.
<script>
var host = "cannalogie.net";
if ((host ==window.location.host) && (window.location.protocol != "https:"))
window.location.protocol = "https";
</script>
Does anyone know how to fully secure all pages and posts?
Looking at the developer tools, it looks like you're loading something that over http while the rest of your page is loaded over https. That causes the whole page to be considered insecure and not show the lock symbol, even if the url shows https.
It looks like you're loading a .gif over http. If you change the url to load it over https, the error should go away and the lock should appear.
I'd like to use window.location.href in the tool codesandbox.io. This is because I want to do a test with a hard page load occurring. I'm running into an issue however.
location.href = "http://www.google.com"
I get this error:
Mixed Content: The page at 'https://codesandbox.io/s/lingering-bird-nyvfi' was loaded over HTTPS, but requested an insecure resource 'http://www.google.com/'. This request has been blocked; the content must be served over HTTPS.
Example: https://codesandbox.io/s/locationhref-usage-nyvfi (see src/index.ts and open Dev Console)
How do I accomplish this the ability to simulate a page load, in the fake virtual browser?
I think it may be possible once the security criteria are met; which is limiting.
Use HTTPS (Avoid mixed content)
Use same origin
Thus this works:
window.location.href = "https://www.codesandbox.io/docs";
Is it possible to use react-leaflet with https connection?
It seems I cannot switch between HTTP and HTTPS protocol, so i get a warning:
Mixed Content: The page at 'https://localhost/map' was loaded over
HTTPS, but requested an insecure image
'http://b.tile.osm.org/10/510/340.png'. This content should also be
served over HTTPS.
Maybe somebody knows a workaround.
For some reason when you go to the url https://www.improvementskills.org/index.cfm google translate does not show up, but when you go to http://www.improvementskills.org/index.cfm it works fine. So I know the issue is with SSL and having https. Does anyone know what the problem is and how to fix it. Thanks!
You are loading Google's JavaScript with an http URL, even when your page is served with https. The browser rejects that, because it's insecure to include non-https content in an https page.
You need to do this:
<script type="text/javascript" src="//translate.google.com/...
rather than specifying the URL as http://translate.google.com/... By starting the URL at the double-slash, the browser will use whichever of http or https the page itself is using.
My website is here, and visiting it in Chrome gives the 'load unsafe script' error and unsecured content errors in the console. Firefox loads the site, but there isn't a lock.
My site is entirely in PHP, and I'm not sure where to start. The console and firebug said that the site was loading unsecure scripts over HTTP, but how do I make it all HTTPS?
Thanks in advance!
Your HTML has lots of links to http:// resources, eg.:
<link rel="stylesheet" type="text/css" href="http://portal.thespartaninstitute.com/...">
You need to ditch the http: part and just link to //portal.thespartaninstitute.com/... - that will then use https when the page has been loaded that way.