Menu
I have a web application which works perfectly fine on my own machines, perfectly fine on my customer's PCs but on their customers machines each page they visit they get a prompt for the Mixed Content coming up.
However it doesn't matter whether they answer yes or no to the question, they still get all of the functionality of the site.
We cannot ask them to disable the warning, since they would then consider our application not secure and not use it.
I've installed Httpwatch and none of the resources or urls being loaded are insecure. The codebase for any flash objects is called using https: I've checked for any removechild() function calls in the scripts and none of them are called on divs with a background image. We have no calls to javascript:void anywhere in the codebase.
I'm at a loss as to what to check next. Is there any way without being too intrusive, to find out what insecure objects the page is trying to load? This has to be something that will work on IE7 or 8 as we are not allowed to install anything on their machines.
397
This is a bit untimely, but I was running into this issue today, and thought I'd chip in. In the IE9 developer toolbar (F12), the console tab will give you a list of any items which cause a security warning on a secure page.
98
Other than what Dean has suggested, Why not try installing firebug (Firefox) and see everything that the page requests?
39
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
