Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Loading HTTPS content on HTTP pages

Can non-secure pages (HTTP) load secure content (HTTPS) without any unwanted side effect (eg: browser alerts, failed load, etc)?

I know secure (HTTPS) pages shouldn't load non-secure (HTTP) content and that protocol-less URLs can help alleviate this problem. I would like to know if the opposite is also true.

Thanks, Omar

like image 275
omarrr Avatar asked Nov 01 '13 17:11

omarrr


People also ask

How do I load HTTP image in HTTPS?

Say you have an image URL like http://otherdomain.example/someimage.jpg . You rewrite this URL as https://mydomain.example/imageserver?url=http://otherdomain.example/someimage.jpg&hash=abcdeafad . This way, the browser always makes request over HTTPS, so you get rid of the problems. This solution has some advantages.

Can you mix HTTPS with HTTP?

Users can easily identify TLS-encrypted sites because they have 'https://' in the URL instead of 'http://'. But in some instances, an HTTPS site can also contain some elements that are loaded using the plaintext HTTP protocol. This creates a condition known as mixed content, sometimes referred to as 'HTTP over HTTPS'.


1 Answers

The only problem would be if the User Agent doesn't support HTTPS, otherwise loading secure content on a non-secure page should work and shouldn't generate warnings.

Regarding whether it SHOULD be done, read: Is there any reason not to serve https content on a page served over http?

like image 88
Sébastien Avatar answered Oct 23 '22 03:10

Sébastien