This article explains how to migrate all insecure “mixed content” to HTTPS and block insecure content by default. Here are some approaches to solving the “mixed content” problem: locate the page template or code that fills the page and change http to https; download external files before making changes; launch a request to apply the changes to the entire http.
Mixed content is content under an HTTPS certificate site, but the resources are not secure.
To further improve user privacy protection, Google announced on October 3, 2019, that it would migrate all insecure “mixed content” to HTTPS and block insecure content by default. In other words, users might not see some content on your website. If you are loading an unsecured HTTP connection on a secure page, you should think about fixing them. We will come back to this announcement in more detail in this article. Besides, we will see all the options available to you in such cases.
HTTP stands for “HyperText Transfer Protocol.” It is a language used by the web to communicate requested resources between web clients and a server. HTTPS is the secure version of HTTP. To encrypt the communication between a web client and a server, you need HTTPS. One of the advantages of HTTPS is that it prevents data transmitted between clients and servers from being easily corrupted or interpreted by malicious third parties.
We talk about mixed content when your HTML document loads with both a secure HTTPS connection and an unsecured HTTP connection. For example, if you install an SSL certificate on your website and upload content like images, scripts, or videos over an insecure connection, we’ll say your web page is unsecured mixed content.
The above statement means that all content with an insecure connection will not display on a user’s browser unless they allow it. This feature was available on Chrome for script and iFrame. Google has just extended this functionality to all types of resources. You are asked to make some adjustments to your website.
Below are some deadlines that are likely to be or occur in the way chromium treats “mixed content.”
Google released a stable channel in Chrome 79. A new setting is used to unblock mixed content on specific sites. As announced by Google, a user can now toggle the configuration by clicking on the HTTPS lock. Previously there was a red shield icon to the right of the URL.
It was the turn of audio and video resources (Chrome 80). Therefore, if you have audio or video from an insecure source, you will need to unlock the above setting.
Note that you can still do images on Chrome 80. You will notice that your web page will display a “Not Secure” notice.
Any “mixed content” you upload will not be displayed unless a user decides to enable the setting.
In case you did not understand, there are many effects associated with this change. Here are a few :
Not many people will want to stay on a website if they feel the site is not secure. Although the notice would not technically “harm” a visitor, they may feel threatened and leave. As a result, you may see a decrease in the number of your visitors. We all know that a web page’s popularity also depends on the number of visitors and the length of their stay.
The source of “mixed content” could be:
As the owner of a website, you may or may not have enough information about the file’s location on your server. The source can be found directly in your code or third-party resources. Below are the options to resolve the issue.
You can find the page template or the code that fills the page and change HTTP to HTTPS. For example, suppose you have an image https://prositeweb.ca/images.jpg that causes the “Mixed Content” notice. To resolve it, you will need to locate where the file is and replace the “HTTP:” with “HTTPS:” Eventually, you will have https://prositeweb.ca/images.jpg.
In this case, you will try to apply the above recommendation. Two things can happen; if the external site is secure, you will be fine. However, if it is not secure, you will still see the notice. At this point, I will recommend that you either download the external file (if you have the right) or look for an alternative.
If you use a database to feed content on your site, all of your mixed content can be found directly in your database. In this case, you must issue a request to apply the change to the entire “HTTP:” connection. The article below can guide you through the steps How to create a domain without cookies “. Pay attention to the point “3. Update your SQL database with the following query” almost at the end of the article.
Changing all requests from “HTTP:” to “HTTPS:” may not be safe when dealing with third-party resources. For example, if you are using external software to display vlogs on your website via iFrame or API, the change will not be helpful if the media is not secure. In this case, if you can, you can check with the provider for an SSL update. Otherwise, check if you can have another secure resource to perform the same function.
The article was about a secure website that uploaded unsecured “mixed content.” Throughout the report, we have discussed what it means to have insecure “mixed content.” We also saw the approaches to solving the problems.
If you have a problem with loading insecure resources, and you did not get an answer in this article, can you tell us about your situation? We will be happy to help you.
If you like this article, this one might interest you: