Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [mixed-content]

HTTPS page that includes content retrieved through clear text HTTP

Mixed content occurs when HTTPS contains content retrieved through cleartext HTTP. This makes the connection only partially encrypted and vulnerable to man-in-the-middle attacks.

More information:

11 questions
7
votes
3 answers

How does HSTS handle mixed content?

I've just checked with the SSL Server Test if I implemented the SSL certificate on my server correctly. I got a grade A in their ranking but you can get an A+ if you have activated HSTS. After some seaching I found out that Google might treat HSTS…
Sr. Schneider
  • 185
  • 6
5
votes
3 answers

Keycloak blank page behind nginx reverse proxy

After unpacking and starting keycloak to listen on 127.0.0.1, I configured nginx to work as a reverse proxy accessible from a publicly available domain via https. This is the nginx configuration: http { server_tokens off; upstream keycloak…
user540468
  • 152
  • 1
  • 2
  • 10
3
votes
2 answers

What should I do about a mixed content warning on my website?

My server is configured to use HTTPS only; this works okay. But when I visit the website I get this message in Firefox (next to the URL bar): Firefox is blocking content on this page Most websites will work properly even if content is…
user568021
  • 107
  • 1
  • 12
2
votes
1 answer

SSL mixed content warnings. I can't make the other server that I request from have SSL. What are my options?

So, I have an app on one server that I've configured to have SSL. However, it makes a bunch of API calls to another one of my servers, but that server has more than one service and no SSL. I know for a fact that if I add SSL to the second server, a…
DJSweetness
  • 35
  • 7
1
vote
1 answer

Allow active mixed content (iframes) with SSL and Content Security Policies

I've installed a SSL certificate on my server, and I've made it HTTPS. But I need to load existent iframes with embedded content, usually YouTube videos that were saved with HTTP url, but also other content that is not available via…
Julen
  • 227
  • 1
  • 3
  • 8
1
vote
1 answer

Padlock with triangle only on homepage (chrome, firefox, IE, safari)

I've looked into it a little and some people were saying it's because HTTP needs to be changed to HTTPS for images, etc. Is there a tool I can use that can troubleshoot my SSL issue? Can anyone tell me why this site (https://epharmacies.com/) has…
Donnie Hanes
  • 21
  • 2
1
vote
1 answer

Link to http on a https page (without mixed content warning)

My whole site is HTTPS, and I have trouble linking to a tumblr blog. If I use a protocol agnostic link (href="//...") the browser tries to access the tumblr blog via https, which throws an error (connection refused). Of course if I link to the http…
mrtnmgs
  • 271
  • 2
  • 7
1
vote
1 answer

Browsers warn for mixed SSL and non-SSL content

I have the pem file installed in a HTML directory. Although all of the files are in the HTML directory with the pem file, I still get the SSL warning from browsers saying "this page includes other resources which are not secure" even though I don't…
netrox
  • 161
  • 6
0
votes
1 answer

Exclude certain paths on https redirect by letsencrypt

I have an application on a lamp stack. The application uses let's encrypt SSL certs for https. One function of the application is to allow users to embed certain content in an iframe on other sites. Using the Let's Encrypt certification script, I…
ymdahi
  • 103
  • 4
0
votes
1 answer

What does mixed content warnings due to http content instead of https content compromise?

I'm aware that, essentially, https encrypts data being sent and received so it seems to me that nothing is compromised except the data being sent to or from http, but this question is more for clarification, so does having content served over http…
DJSweetness
  • 35
  • 7
0
votes
0 answers

JavaScript and CSS looking for another IP address and will not load. Mixed Content error. Apache 2.4.6 Centos 7

Listen 80 DocumentRoot "/var/www/html" ServerName "www.mydomain.com" ServerAlias "www.mydomain.com" RewriteEngine on RewriteCond %{SERVER_NAME} =www.mydomain.com RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI}…
Brandon K
  • 1