hi
i am using http refrence in secure application and getting warning.
can I avoid or bypass this warning

Thanks
Rajni

Presumably there is a good reason for the warning. What is it?

-Peter

Hi Peter
thanks for ur reply, the error is
"this page contains both secure and non secure data, do you want to display non secure"

Thanks & Regards
Rajni

The problem here is exactly what the error states. There are elements on the page that are secure and non-secure. This could be happening if your main URL (the page) is HTTPS but the images in the page are still HTTP. You need to fix the page elements to match the page's protocol. This is not typically a problem unless you are using fully qualified URLs in URL references. If you make everything root or application root relative you won't get this error.

-Peter

Hi Peter,

Thanks for the post.

I've been following this thread. I created a certificate on a site that shows the same warning box and was wondering how to get rid of it.

I'm trying to understand what you mean when you say HTTP images or HTTPS images. Are you suggesting that we use the fully qualified domain name and not the relative path to the images?

HTTPS
<img src="https://[fully qualified domain name]/images/porkypig.gif">

HTTP
<img src="images/porkypig.gif">

Like so?

And also, "... make everything root or application root relative". Don't understand how to do this? Could you explain please.

Thank you,
Richard

Richard,

Your page has resource references (images, CSS, javascript, etc). After the page loads, the browser gets those referenced resources for inclusion in the page.

If every one of those is root (/) or application (/mywebapp) relative then they will use the same base URL (HTTP[S]://www.mywebsite.com) and you should not get the error. You should get that error only if you explicitly set resource URLs to a fully qualified URL that doesn't match the protocol of the page. I believe that you can even point your resources at different domains, but as long as the resource URL protocols are the same as your page's base URL protocol the error should not occur.

-Peter

Hi Peter
U r absolutely right, as i am using png images i have to use full path with http://............ and its a secure site.
I want both png image and no warning, can u tell me how to achieve it.

Thanks & Regards
Rajni

What dictates that you must use a full URL for a png image? They are like any other image. Are they on another domain?

The simple solution would be to change the URL to the images to use https instead of http. Then they'll be secure.

-Peter

Thanks Peter. Very much appreciate the explanation. I don't ever use the fully qualified domain name. I thought maybe it was because I didn't use a Verisign certificate. I just created my own certificate within Windows. Hmmm. I ended up ditching the SSL anyway. I'm not collecting cc info. Its basically an Extranet site. And although I'm a little concerned about someone hacking into the site I'm pretty secure as far as SQL injection is concerned.

Anyway. Really appreciate your time. Thank you.

Hi Peter,

Actually there is one check box "Enable Content Expiration" in IIS properties of the application. this is in HTTP Headers tab. If I dont check this check box then png images are displaying in following both cases:

1. <img src="images/imagename.png">
2. <img src="https://domainname/applicationname/images/imagename.png">


If I check this check box and select "Expire Immediately" radio button then png images not displaying in above both cases. those are displaying only when I use "http"...but getting the warning. There is no problem with "gif" and "jpeg" images.

That check box must be checked for Reports working.

Thanks & Regards,
Rajni.