https site with no mixed content and EV cert is shown as mixed and not identifiying itself
My site https:orderform page contains only https images and website has an EV cert that is valid and current. With history cleared and visiting page for first time Firefox reports that page contains mixed content and that site does not identify iteself.
Hitting F5 to refresh the page address bar correctly shows green with no mixed content popup and that side idenfies itself. SSLCertificateChainFile has been added and this makes no difference. Problem does not occur in other browsers (IE, Safari, Chrome). A new FF profile has been tried but same problem occurs.
Why would refeshing the page work?
Problem affects all firefox browsers 3.5 to 14.01. I dont know about those <3.5.
I have read and tried most suggestions in forum and elsewhere but cant find a solution.
I have not provided the url as this is my order page and its important for me to see genuine visitors.
Solution choisie
First thank you for your comments jscher2000
I Thought I had fixed it but I needed to clear history and switch computer off for a few more minutes for error to reappear. Well as it turns out it wasnt the difference between direct replacement and replace(). However this worked.
if(xFf) setTimeout(function(){top.location.href='https://ord.html' },300);
Thus allowing any following javascript (pending requests) to complete as suggested. I came to the same conclusion prior to reading your comments.
NOW WORKING
However redirection on the server is a more robust solution.
Lire cette réponse dans son contexte 👍 0Toutes les réponses (7)
Does this problem happen on all PCs you've tried, or only from yours or within your network?
If you check the Page Info dialog > Media tab when this happens, can you find any non-https images or media?
Do you have Firebug installed? Can you find any non-https retrievals on its Net tab?
First a reply to Jsher2000 Thank you for your suggestions. Yes and Yes did this ages ago but no non-https content.
I have found a workaround for what appears to be a bug in Firefox:-( Here is the non-perfect workaround. First Detect firefox
xUA=navigator.userAgent.toLowerCase() xFf=xUA.indexOf('firefox')!=-1
if(xFf) top.location.href='https://ord.html' else top.location.replace( 'https://ord.html' )
The current non-secure page is being replaced with a secure one. Internet Quote: "The difference between location.href and location.replace is that the former creates a new history entry on the visitor's browser meaning that if they hit the back button, they can get in a 'redirection loop' which is usually undesirable and may have unwanted side effects."
It appears that FF is using some content (cached) from the previous non-secure page when replacing - leading to the mixed content and non-identified site. An F5 refresh or reload of current page will show that site identifies iteself and there is no mixed content.
In summary its a Firefox Bug.
In by reply it appears that carriage returns have been removed from code. Add semicolons as necessary to code to get working. ie. xUA=navigator.userAgent.toLowerCase();
I've tried this on a few sites and assuming there is a valid SSL certificate, I don't get mixed content.
Open site
Open the web console (Ctrl+Shift+k)
Paste the following code (it's all one line) and press Enter
if (window.location.protocol != "https") window.location.replace(location.href.replace("http","https"));
Maybe there's a difference between running it interactively and running it in script in the page. Are you allowing all pending requests to complete before running replace?
Note: tested on these pages:
http://www.google.com/
http://www.youtube.com/
https://jeffersonscher.com/photos/Maui07/index.php
Modifié le par jscher2000 - Support Volunteer
Is there any reason that someone would view that page using a non-SSL connection? If not, you might want to do the redirection on the server. This could be done in PHP or in .htaccess, for example.
Solution choisie
First thank you for your comments jscher2000
I Thought I had fixed it but I needed to clear history and switch computer off for a few more minutes for error to reappear. Well as it turns out it wasnt the difference between direct replacement and replace(). However this worked.
if(xFf) setTimeout(function(){top.location.href='https://ord.html' },300);
Thus allowing any following javascript (pending requests) to complete as suggested. I came to the same conclusion prior to reading your comments.
NOW WORKING
However redirection on the server is a more robust solution.
Thanks for reporting the results of your testing.