3
2
In Chrome (though I may have seen similar behavior in other browsers), type in http://www.google.com. You will always be redirected to https://www.google.com. Usually when I do this, I get the good old green lock in the upper left indicating everything is secure. But SOMETIMES I get the the grey lock with the little yellow warning that indicates when you click on it, "However, this page contains other resources which are not secure." It seems to go in runs where I get the good green icon for a while and then I'll get stuck with the grey lock for a while. This behavior is not specific to one website. For instance, bankofamerica.com does the same thing. Does anyone have any idea why this happens?
P.S. It's not simply the standard references to non-https links in the source because using the developer tools all requests are shown to be https except for the initial, redirected request.
user12861
Posted 2013-08-30T14:16:25.157
Reputation: 131
But why would it give this warning when none of the resources on the page are being delivered over http, which is what I see in the developer console? – user12861 – 2013-08-30T15:10:42.410
I think the best would be to check the source code of the webpage. and then search for any occurrences of 'http://', or try to find any access to some unsecured webpages. If it is possible, and not confidential, can you give me the address of the webpage that this happens on? So I can see it for myself? – Jacob Rabinsun – 2013-08-30T15:40:57.567
I am also guessing that this might be happening with Google+ account enabled. Is this the case? I mean do you have G+ enabled? Cause if you do, and if google is trying to load some content, well, there is always a possibility that a part of this content is not being transported on a secure layer. (Only if we are talking about Google's home page) – Jacob Rabinsun – 2013-08-30T16:26:09.897
The page certainly isn't confidential, it's google's main page (or you can get the same behavior on bankofamerica.com, or twitter.com. If it were as you say and some http links were loading, that would show up in the developer console. – user12861 – 2013-08-30T18:38:58.393
What extensions do you have installed on your chrome browser? – Jacob Rabinsun – 2013-08-30T18:47:32.643
Only IE Tab, and I'm not using that here. – user12861 – 2013-08-30T19:00:24.167
Do you have any of Chrome policy templates(https://support.google.com/chrome/a/answer/187945?hl=en) installed? or have you possibly changed any of them? Is your system clock set to the accurate time and date? Are you using the latest version of Chrome?
– Jacob Rabinsun – 2013-08-30T19:04:52.997And now I'm guessing, maybe your Chrome installation's SSL certificates have been modified or removed possibly. (From settings>show advanced settings....>HTTPS/SSL>Manage Certificates...) – Jacob Rabinsun – 2013-08-30T19:14:01.130
Do you really not see this behavior when you try it yourself? Everyone else who I've had try it has the same thing happen. I tried it at work and at home and go the same thing. – user12861 – 2013-08-30T19:16:41.777
No. All three sites are as green as they ever could be over here. https://twitter.com/, https://www.bankofamerica.com/, and https://www.google.com/, all three of them are green on my computer.
– Jacob Rabinsun – 2013-08-30T19:21:24.333Yeap, the same thing happened here too. Sorry, I think I misunderstood how to get that gray lock. Yes, now it is gray. – Jacob Rabinsun – 2013-08-30T19:24:51.767
Now, I think that is not a bug, but more like an issue, maybe not even an issue. I think that happens only because Chrome somehow or in some way is trying to figure out from which page you are coming from. When you keep typing in http://www.google.com in the address bar, it some how forces some (maybe we could say) unwanted "http://%22s in the source code of the final and destination page, which I think makes Google Chrome to think that its actually this page itself that has some nonsecure resources.
– Jacob Rabinsun – 2013-08-30T19:28:28.097