Login/Register
... this content should also be loaded over HTTPS
Asked Answered
javascriptjquerygoogle-chromehttpsgoogle-chrome-console
A

3

17

Good day.

Site https://mult-privet.com/

In my Chrome console, I see this error:

[blocked] The page at 'https://yandex.st/share/ya-share-cnt.html?url=
https%3A%2F%2Fmult-privet.com%2F&services=yaru,
vkontakte,facebook,twitter,odnoklassniki,moimir' 
was loaded over HTTPS, but ran insecure content 
from 'http://connect.odnoklassniki.ru/dk?st.cmd=extOneClickLike&uid=odklocs0&
ref=https%3A%2F%2Fmult-privet.com%2F': 
this content should also be loaded over HTTPS.

Why should this URI also be loaded over HTTPS ?

Why am I getting this error, and how do I remove it?

Aestheticism answered 5/3, 2014 at 11:51 Comment(0)
G
19

On the right side of the Chrome address bar, click on the shield icon, then click "Load unsafe script". Done!

enter image description here

Glume answered 21/7, 2014 at 16:46 Comment(2)
Although this is not a safe practice, this is how to allow chrome to do such a thing.Latty
This is a quick, easy workaround, but it does not solve the root of the problem. It is the simplest and easiest answer thus far, but I would not recommend it for users/production.Malkin
A
9

Why this content should also be loaded over HTTPS ?

Because:

  • if you have unsecured content being injected into an otherwise secure page, the unsecured content can be intercepted, replaced and thus render the secure content insecure
  • the browser can't honestly continue to tell the user that the page is secure when parts of it are not

Tell me please why i get this error

You are loading HTTP without SSL content into an HTTP with SSL page.

and how remove this?

Use HTTPS for everything on the page.

Ankeny answered 5/3, 2014 at 11:54 Comment(4)
When did this change occur? It used to issue warnings and not absolutely refuse to load the content.Pansypant
what if scenario where it has to load an http content, assuming we have large number file .txt files in html page, putting every thing over https and wget doesn't solve any purpose, it can create a DOSEncrust
@Encrust — This isn't the 90s. CPU is not a serious limit on SSL use any more.Ankeny
Loading HTTPS for everything on the page may fail if you deploy your server via HTTP. If you want to deploy your sever via HTTP, you would have to revert all HTTPS protocols to HTTP. Or, you can try the suggestion that I posted above, which provides more flexibility across deployments.Malkin
M
6

Why you are getting this error

Quentin's answer explains this pretty well. I would clarify that you are getting a mixed content error.

How to fix this error

Although Quentin's answer offers the most ideal fix, it is sometimes more convenient to solve mixed content errors using a protocol-relative URL, where the http[s]?: prefix is removed from the URL. For example, change this:

http://connect.odnoklassniki.ru/dk?st.cmd=extOneClickLike&uid=odklocs0&
ref=https%3A%2F%2Fmult-privet.com%2F

to this:

//connect.odnoklassniki.ru/dk?st.cmd=extOneClickLike&uid=odklocs0&
ref=https%3A%2F%2Fmult-privet.com%2F

by removing the http: prefix. It will let the browser determine the protocol. When using the protocol relative URL in the above example, if you are on an SSL encrypted page the browser will access the https://connect.odnoklassniki... URL, and on a non-SSL page, it will access the http://connect.odnoklassniki... URL, assuming that both protocols work for the URL.

There are, however, some pitfalls in using protocol-relative URLs, like ensuring that the server behind the URL is capable of serving both http and https protocols. This SO post addresses more reasons to use protocol-relative URLs.

Malkin answered 10/11, 2014 at 21:52 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.