Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Only secure content is displayed

Tags:

security

asp.net

ssl

securityswitch

Our company website (ASP.Net 3.5) uses SSL to secure the checkout pages. Users are getting the "Only secure content is displayed" message at the bottom of IE. Many of them freak out and abandon their cart and we loose a sale. The secure contect is in a subfolder and IIS7 is configured to require SSL on that subfolder. I used the IE dev toolbar to try to see what causes this and get the following:

SEC7111: HTTPS security is compromised by http://www.myCompany.com/WebResource.axd?d=dJde0NlmEkubWa-RO0uUtg2&t=633833944103732959 
Login.aspx
SEC7111: HTTPS security is compromised by http://www.myCompany.com/ScriptResource.axd?d=-4ipYW6oMR5JKr02ccZdGEkLMeXnvSWAqFrG98oQ5--7NMeKPsjwSVXJeHzqvzhsd1bLH85MgJQdnNYNUNH1gAXPGD9gbk2fwYnJI-0eaw41&t=ffffffffa6437166 
Login.aspx
SEC7111: HTTPS security is compromised by http://www.myCompany.com/ScriptResource.axd?d=-4ipYW6oMR5JKr02ccZdGEkLMeXnvSWAqFrG98oQ5--7NMeKPsjwSVXJeHzqvzhsvkt8QvjGkHw2IYbLkF5RHr1t21TH0EEkLDcUGVpdxdE1&t=ffffffffa6437166 
Login.aspx

We also had a bunch of offending javascript files but worked around those by copying them into the secure directory. That made Chrome and Firefox happy but we still get the message with IE.

How can I stop the popup and keep from scaring my customers away?

like image 466
Sisiutl Avatar asked Jul 06 '11 18:07

Sisiutl

3 Answers

Just change those urls to https.

Now, those script resources look like they're automatically generated by .NET, so you may have to jump through some hoops to do that...

[Edit] Hoisting this up from my comment:

Some guy suggests changing the uri in global.asax on Application_BeginRequest

like image 102
canon Avatar answered Sep 27 '22 20:09

canon

Headache saver... thank you for mentioning IE developer tools. Like many I do most of my testing with firefox and leave IE to last (can't beat firebug!). BUT The way that they've improved IE I think I may be rethinking that strategy! After all most of the world still used IE too.

The developer tools found this line in my css that was giving me the security violations ... simply fixed by changing to https

@import url(http://fonts.googleapis.com/css?family=Gudea);

to

SEC7111: HTTPS security is compromised by http://fonts.googleapis.com/css?family=Gudea onepage
SEC7111: HTTPS security is compromised by http://fonts.googleapis.com/css?family=Gudea onepage

like image 21
ircsome Avatar answered Sep 27 '22 19:09

ircsome

We ended up using SecuritySwitch http://code.google.com/p/securityswitch/wiki/GettingStarted, which works perfectly.

like image 26
Sisiutl Avatar answered Sep 27 '22 21:09

Sisiutl
Sign in to Comment

Related questions

ASP.NET: How to get the virtual path of a file from a generic handler?
How to show a nicer error then :"A potentially dangerous Request.Form value was detected from the client"
Are some Enterprise Library Application Blocks becoming obsolete?
MS "VCard" french specials chars
Which one is better for jQuery.ajax calls? .Net Web-Service or an .ashx?
How to set up Umbraco cms in Visual Studio 2010?
How to put ASP.NET site offline if critical services are not available
How to make a simple yes/no popup in ASP.NET that return the result back to my c#?
DataMember Emit Default Value
ASP.NET MVC 3: can I combine C# Razor Views with F# Controllers?
Can forms authentication ignore returnUrl
Replacing a DLL while AppDomain is already loaded in ASP.NET
Can one cause Page.IsPostBack to be true independently of ASP.net?
Web Application to know database update
dynamic Javascript in asp.net
Creating a Visual Studio Project Template that already includes a Nuget Package Reference?
Where does WebMatrix save the site configuration?
Is it possible to disable 'Print' and 'Export' buttons on Crystal Reports?
Providing "Add to Calendar" link
Fixing SQL injection forms in a big asp.net C# web application

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!