Content on Non-Secured Site When Browsing Secured Web Application or Web Site

Nothing frustrates me more than when I try to log in on a secured site and images, CSS, JavaScript files, and other content files are not secured. For instance, I went to retrieve/reset my password on last.fm and found this:

error

A general rule of thumb is that your content should be hosted on a self-hosted or third-party content delivery network (CDN) that serves it over both HTTP and HTTPS. Secured pages should reference only files linked over HTTPS.
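One way to check a page against this rule before it ships, as an added example that is not part of the original post: a small scanner that lists every subresource an HTTPS page would fetch over plain HTTP. The `example.com` hosts and the sample markup are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Elements whose URL attribute makes the browser fetch a subresource.
# <a href> is deliberately absent: a link to an HTTP page is navigation,
# not content loaded into the secured page.
SUBRESOURCE_ATTRS = {
    "img": "src", "script": "src", "iframe": "src", "embed": "src",
    "audio": "src", "video": "src", "source": "src", "object": "data",
    "link": "href",
}
# <link> only triggers a fetch for these rel values (rel="canonical" does not).
FETCHING_RELS = {"stylesheet", "icon", "preload"}

# Constructed sample page, assumed to be served from https://www.example.com/reset
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="http://static.example.com/site.css">
<link rel="canonical" href="http://www.example.com/reset">
<script src="//cdn.example.com/app.js"></script>
</head><body>
<img src="http://static.example.com/logo.png">
<img src="/images/lock.png">
<a href="http://www.example.com/help">Help</a>
</body></html>"""


class MixedContentScanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr_name = SUBRESOURCE_ATTRS.get(tag)
        if attr_name is None:
            return
        attrs = dict(attrs)
        if tag == "link":
            rels = set((attrs.get("rel") or "").lower().split())
            if not rels & FETCHING_RELS:
                return
        raw = attrs.get(attr_name)
        if not raw:
            return
        # Relative and protocol-relative ("//host/x") URLs inherit the page scheme.
        resolved = urljoin(self.page_url, raw.strip())
        if urlsplit(resolved).scheme == "http":
            self.findings.append((self.getpos()[0], tag, resolved))


def find_mixed_content(page_url, html):
    """Return (line, tag, url) for each HTTP subresource on an HTTPS page."""
    if urlsplit(page_url).scheme != "https":
        return []  # the rule only applies to pages served over HTTPS
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings
```

On the sample page, the scanner reports the stylesheet and the logo image; the protocol-relative script, the relative image, the canonical link and the plain hyperlink are not flagged.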

Comments

# re: Content on Non-Secured Site When Browsing Secured Web Application or Web Site

Monday, June 15, 2009 4:32 PM by Yvan

Jason, I share this one with you.

But what are my options if I have a web app under HTTPS that lets the user select RSS feeds from any source (even HTTP)?

The only way I see is that the user has to add the feed's source to his trusted sites.

Any clue on other ways?

# re: Content on Non-Secured Site When Browsing Secured Web Application or Web Site

Tuesday, June 16, 2009 9:09 AM by AndrewSeven

Yvan: It seems to me that if you are allowing non-https feeds, then your page shouldn't really be https.

# re: Content on Non-Secured Site When Browsing Secured Web Application or Web Site

Wednesday, June 17, 2009 1:29 PM by Glenn

Yeah, no kidding that message sucks, and is completely preventable with a little work on the part of the programmer.  But it's important to consider that HTTPS content isn't cached locally on the browser like HTTP content is, and how that hurts ASP.NET developers in particular because despite AJAX advances, ASP.NET applications are more likely to Post-Back, relying on local Cache to speed Post-back reloading of a page.

Something else to keep in mind is that this is another "IE-only" error.  With other browsers like Chrome and Firefox, it's not necessary to worry about it.  (...Which is probably why a fair number of pages are developed that end up having it.)  

In terms of permissioning a particular site to be allowed to deliver mixed content without that annoying prompt, Microsoft has made it ridiculously hard with a REGISTRY KEY change needed last time I checked. So it's not even like users can denote mixed content on a particular site as acceptable the way they can denote that certain sites should be rendered in Compatibility View.

This hurts Web developers now seeking to make fast loading web applications with selective secure content. And it will eventually hurt Microsoft as IE remains a quirk-ridden browser, and web application shops and John Q. Public recommend using other browsers for "best performance".

...At the very least, Microsoft could make it an accessible setting, configurable at a site level.  But then again why would the world producer of desktop software want to do anything that would lead to better web applications?

# re: Content on Non-Secured Site When Browsing Secured Web Application or Web Site

Wednesday, June 17, 2009 5:37 PM by Jason

Just because it doesn't pop up on other browsers doesn't mean that it's right. Good point about HTTPS traffic being cached though. Another reason CDNs should be used for secured (or any) traffic.

# re: Content on Non-Secured Site When Browsing Secured Web Application or Web Site

Tuesday, July 28, 2009 12:48 PM by attaz

Is it safe to enter my mailing address on a non-HTTPS website?
