Gabriel Torres Posted February 25, 2015 Posted February 25, 2015 Hi,I am willing to move my webserver to SSL. The main problem I am facing is that the browser complains that there are external scripts that are not encrypted (tags from ad networks such as OpenX, Tribal Fusion, etcetera), and thus advertisement is blocked on our forum. Any tips on how to deal with that?Thanks,Gabriel.
ASTRAPI Posted February 26, 2015 Posted February 26, 2015 This is a common error that occurs when some element on a secure web page (one that is loaded with https:// in the address bar) is not being loaded from a secure source. This usually occurs with images, frames, iframes, Flash, and JavaScripts. If you are having trouble finding what elements are loading from http instead of https go to:https://www.whynopadlock.com/ Then you can try to change the http to https for those scripts/widgets if the advertisement companies have https or you may change connection links to // instead of https:<img src="//www.domain.com/image.gif" alt="" />
Makoto Posted February 26, 2015 Posted February 26, 2015 If your ad networks don't support loading scripts over HTTPS connections, no, there's generally nothing you can do. You should complain to your Ad Networks that they need to start offering SSL support if they don't already. There's really little to no excuse for them not to be.If they do, obviously just update your scripts. Testing for support is generally easy enough, just try and load the included scripts over HTTPS connections and see if it works.
Gabriel Torres Posted February 26, 2015 Author Posted February 26, 2015 Thanks @KiritoThe problem I have is that there is one particular network that doesn't support https and I am afraid I will have to hold my migration because of them, since their code/banner isn't loaded when SSL is activated.
Rugger Posted February 27, 2015 Posted February 27, 2015 Then you can try to change the http to https for those scripts/widgets if the advertisement companies have https or you may change connection links to // instead of https:<img src="//www.domain.com/image.gif" alt="" /> Forgive my ignorance but I have never seen someone use a // before a link without the protocol, would it default to the protocol being used or prioritise one over another? Is there any documentation for the usage?
TSP Posted February 28, 2015 Posted February 28, 2015 It works as http:// when the address bar contains http:// and works as https:// when the site is visited with SSL/https connection.I'm not sure on documentation, and I'm on mobile now, but try to search for something like: relative http url ssl
ASTRAPI Posted February 28, 2015 Posted February 28, 2015 http://tools.ietf.org/html/rfc3986#section-4.2
Rugger Posted February 28, 2015 Posted February 28, 2015 That is a very interesting feature, @ASTRAPI I had read that document before but never noticed that section, or at least never realised the significance - thanks.
Makoto Posted March 1, 2015 Posted March 1, 2015 Obviously it's not magic and it will just break the link if you attempt to load the resource from a secured page and the remote server doesn't support HTTPS.It's better to always explicitly use HTTPS if the remote server/CDN supports it regardless of if you website is actually using HTTPS connections or not.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.