SSL warning: contains unauthenticated content

One of the major annoyances of SSL is getting it to work when bouncing between http and https access with the same resources (e.g. stylesheets, images, etc). The most common of issues is most likely to be "contains unauthenticated content " warning (via FF). Some of the "symptoms" may include embedded content (image, flash movies, etc.) not loading.

Below is a quick and dirty run-down list on how to eliminate this warning, and stop giving your potential clients cyber heart attacks when they see this huge red exclamation mark.

1. Do not use any absolute URLs in code. Period. Load files/link with relative path only. In other words, when in https there shouldn't be any http reference in html for any loads (script/image/file/etc). Get firebug addon for firefox that will help you inspect your source code.

2. modify htaccess rule to exclude .css, js, image(e.g. gif,png, jpe?g) and other types (e.g. swf) from being redirected for objects that you "share" between http and https. When page loads it should grab files under correct protocol.

3. Most hosts nowadays offer some type of hotlink protection. If you followed suggestions above and still having warning issues, turn off hotlink protection.

VoilĂ ! You have a sweet clean page with a nice lock under https.
you're welcome.

1 comment:

Anonymous said...

wow. thanks.
got to you post from here http://forums.asp.net/t/1631497.aspx