Menu
Can non-secure pages (HTTP) load secure content (HTTPS) without any unwanted side effect (eg: browser alerts, failed load, etc)?
I know secure (HTTPS) pages shouldn't load non-secure (HTTP) content and that protocol-less URLs can help alleviate this problem. I would like to know if the opposite is also true.
Thanks, Omar
275
Say you have an image URL like http://otherdomain.example/someimage.jpg . You rewrite this URL as https://mydomain.example/imageserver?url=http://otherdomain.example/someimage.jpg&hash=abcdeafad . This way, the browser always makes request over HTTPS, so you get rid of the problems. This solution has some advantages.
Users can easily identify TLS-encrypted sites because they have 'https://' in the URL instead of 'http://'. But in some instances, an HTTPS site can also contain some elements that are loaded using the plaintext HTTP protocol. This creates a condition known as mixed content, sometimes referred to as 'HTTP over HTTPS'.
The only problem would be if the User Agent doesn't support HTTPS, otherwise loading secure content on a non-secure page should work and shouldn't generate warnings.
Regarding whether it SHOULD be done, read: Is there any reason not to serve https content on a page served over http?
88
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
