Re: [IUG] Secure/Nonsecure mixed content warning in OPAC

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
The hyperlinks shouldn't require changing. Having href's in anchor tags pointing to non-https URLs won't cause the mixed content warning.

However, all script, img, and link (for stylesheets) tags pointing to absolute links must use https:// on SSL-secured pages. Following the instructions at http://msdn.microsoft.com/en-us/library/ee264315(VS.85).aspx, you can use a program called Fiddler to see what's causing problems on your particular page.

The Syndetics scripts are part of the problem. Unfortunately, it doesn't look like your Syndetics is accessible over SSL, as trying to access https://plus.syndetics.com/widget.php?id=bedf results in a 404. You'll need to talk to your vendor about enabling SSL access.

In our WebPAC, I've created JavaScript that checks if the page is being accessed over SSL and dynamically generates script & link tags using "http" or "https" as appropriate. If you'd like to see this code, go to http://evans.evpl.org/ & view the page source. This code is on lines 303 - 311. You could implement code like this once your Syndetics has SSL access enabled.

Thanks,
Josh Weiland
Webmaster
Evansville Vanderburgh Public Library
http://www.evpl.org

-----Original Message-----
From: innopac-bounces at innovativeusers dot org [mailto:innopac-bounces at innovativeusers dot org] On Behalf Of Mosquera, Pedro - HPL
Sent: Wednesday, December 15, 2010 1:54 PM
To: IUG INNOPAC List
Subject: Re: [IUG] Secure/Nonsecure mixed content warning in OPAC

Your problem is that you have absolute links in your html code to several websites like
*- <script type="text/javascript" src="http://plus.syndetics.com/widget.php?id=bedf";></script>
*- <a onMouseOver="javascript:change('Return to Bedford Public Library home page.')" onMouseOut="javascript:change('')" href="http://www.lib.bedford.tx.us/";>
*- <a onMouseOver="javascript:change('Search the catalog, discover new titles, bestsellers and more.')" onMouseOut="javascript:change('')" href="http://catalog.lib.bedford.tx.us/search";>
*- <a href="http://www.lib.bedford.tx.us/libraryELF.html";>
*- and more......

The warning is saying that you have secure (https) and non-secure (http) content which is true. Try pointing all your absolute links to https. Sometimes you need to check all your external JavaScript files as well.

Regards,
~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~
Pedro Mosquera                      Pedro dot Mosquera at houstontx dot gov
Microcomputer Analyst         
Houston Area Library
Automated Network (HALAN)
http://www.halan.lib.tx.us
500 McKinney St.                      Phone: (832) 393-1418
Houston, TX. 77002                  Fax: (832) 393-1427
   please print responsibly
~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~




-----Original Message-----
From: innopac-bounces at innovativeusers dot org [mailto:innopac-bounces at innovativeusers dot org] On Behalf Of Johnson, Barbara
Sent: Wednesday, December 15, 2010 12:52 PM
To: INNOPAC at innovativeusers dot org
Subject: [IUG] Secure/Nonsecure mixed content warning in OPAC

We just upgraded to Release 2009 and turned on the SSLPort setting. Now we are getting the secure/nonsecure mixed content warning when going to /patroninfo or placing holds. I've read posts on the list and tried several things including deactivating the INSERTTAG_HTML option, changing/removing botlogo, etc. We have Library Thing for Libraries, Google Books Preview and Syndetics enabled so I tried various things to take those settings out of the mix but we still get the security warning. I wonder if someone could pinpoint my problem or point out something else to try. Right now the SSLPort is disabled since patrons did not like having to answer the popup security messages but I'm hoping that someone might be able to point me in the right direction.

Thanks,
Barbara

Barbara Glassford Johnson
Technical Services Manager/Systems Administrator Bedford Public Library
1805 L. Don Dodson Dr.
Bedford, TX 76021
817-952-2360
817-952-2396 (fax)
barbara dot johnson at ci dot bedford dot tx dot us<mailto:barbara dot johnson at ci dot bedford dot tx dot us>


________________________________
CoB CONFIDENTIALITY NOTICE: This e-mail transmission is intended only for the use of the individual to whom it is addressed and may contain information that is confidential, privileged, and exempt from disclosure. Any use, copying, retention or disclosure by any person other than the intended recipient or the intended recipient's designees is strictly prohibited. If you have received this email in error, please notify the sender immediately by return e-mail and destroy all electronic and paper copies of the original message and any attachments immediately.

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.



--- StripMime Report -- processed MIME parts ---
multipart/alternative
text/plain (text body -- kept)
text/html
---
--
This message was distributed through the Innovative Users Group INNOPAC list
Public replies: INNOPAC at innovativeusers dot org
Update your subscription options: http://innovativeusers.org/iug-discussion-list

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


--
This message was distributed through the Innovative Users Group INNOPAC list
Public replies: INNOPAC at innovativeusers dot org
Update your subscription options: http://innovativeusers.org/iug-discussion-list

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.