I am trying to access my Twitter API but the call is failing due to the redirect. Does anybody know why this is happening and or how I can fix it? Yes, I am signed in.
Are you using the "Use HTTPS" on Chrome, or a similar extension?
For me, it redirects http://dev.twitter.com to https://dev.twitter.com, which in turn redirects to https://twitter.com
Ideally, the extension would offer more control in how it matches domains. Meanwhile, a quick workaround is to open an incognito window, for which extensions are disabled, and view dev.twitter.com there.
Related
I have an e-commerce site with an SSL installed. I have made sure all links are https:// to avoid getting the browser error saying there are non secure items on the page.
However, I have a news and press feed in my footer which links to another websites which is not secure and do not have https:// available. Is there any way to fix this or are there any tricks to making this work?
Links to HTTP URLs should not cause browser errors about non-secure items on a page. Check your browser console (F12) to see what specific items are triggering the non-secure warnings.
Your page is loading three images from https://192.99.37.125/ which is the wrong url, as it does not match to the used certificate. That is causing the error.
my website is ssl-enabled secure containg https:// Now i want to add a website link in my webpage using iframe which is in http://
How can i use it, Here problem is with http:// not working in https:// using iframe.
PLease give a solution
You are going to have a hard time doing this with IFrames in current browsers.
This is called "Mixed Content" display. And it's a bad thing. Browsers have been trying to limit it for the past few years. And make it harder for anyone to use it anymore. That's a good thing.
Firefox has blocked it since v23. https://blog.mozilla.org/tanvi/2013/04/10/mixed-content-blocking-enabled-in-firefox-23/
Internet Explorer has blocked it since v8. http://blogs.msdn.com/b/askie/archive/2009/05/14/mixed-content-and-internet-explorer-8-0.aspx
Chrome has blocked it since v21. http://peptechlearn.blogspot.de/2013/08/mixed-content-what-instructors-and.html
Apache realm auth is great for quick and dirty site acl's. Can one do realm authentication with a modal window instead of the usual ugly native one? I know there are other solutions, like CAS, etc. But Apache is always there (for the most part) and .htaccess is simple quick and easy
As a short answer no; the ugly native window is not something coming from Apache, but from your browser.
When you ask access to a resource, basically answers with a response with status 401 (Unauthorized); the browser shows the usual modal dialog, asking for username and password; once you provide them, the browser tries again adding an Authentication: header with the username/password provided. If you can be authorized, fine, otherwise you've another 401, and the browser asks for the password again.
Simple answer: no.
This "ugly native window" is the kind of dialog your web browser shows when it encounters HTTP authentication as defined in RFC 2617. This has nothing to do with Apache httpd, the dialog will look the same in your web browser, no matter which web server (Apache httpd, nginx, lighttpd, IIS, Hiawatha, fnord, gatling, …) generated the WWW-Authenticate header.
I am using the Drupal Secure Pages module to secure sensitive pages (such as login and admin pages). I am running into two issues with this:
I am able to login securely on the login page using https. However when I traverse to a non-secure page such as the home page, the browser completely forgets that I am logged in (instead of my username, the login link shows up). (The problem goes away as soon as I disable the Secure Pages module.)
Since the secure pages are getting their images using non-secure URLs, the browsers are showing warning messages. For example, "The site uses SSL, but Google Chrome has detected insecure content on the page."
Is there any clean solution to these issues?
The recommendation here was to make the entire site secure, which seems like an overkill for my site (essentially an open source community). Having said that, how much of a performance hit does something like this incur, roughly?
Thanks.
I was able to solve the issue with non-secure pages not remembering the login state. The solution was to add this line to sites/default/settings.php: $conf['https'] = TRUE; You can see the details here.
As far as I can tell, issue #2 was a browser caching issue. I cleared all the caches and cookies and the problem seems to have gone away!
I'm building a site with Umbraco, and there are a couple of pages that need to be visited over HTTPS instead of HTTP (e.g. a login page).
I've seen a couple of macros that get put on the page that needs to use HTTPS, and essentially just check the protocol used and do a Response.Redirect with the correct protocol if necessary. This seems like a terrible way of achieving what seems to be a fairly basic requirement - ideally I'd want Umbraco to render any links to these pages as <a href="https://...", not do a redirect when the user goes to a page.
With these redirecting macros, there's also the possibility of a browser displaying a warning if the user's on an HTTPS page and navigates to a HTTP one. If the links are relative, the user will be redirected from HTTPS to HTTP, and the browser may warn about this.
Is there a way to achieve this without modifying any Umbraco framework code?
There's currently no built-in way to make a few pages in Umbraco return a https url.
The only way I can think of doing this at the moment is just by making sure that you set up your links correctly.
But there's no way of stopping people from entering the insecure link. That is where the redirects come in handy though, it will make sure you don't get to a secure page insecurely.
I would recommend running the whole site in https mode. In the past, performance would have been an objection to running your full site in https mode. However with modern servers, this really shouldn't be a problem any more.