I have an SSL cert installed to have a secure commerce area. Some of the pages have external links to non-secure sites like say http://google.com The padlock icon breaks and warns that there’s unauthorized content. The hosting provider says it’s because the external links need to be https links. Obviously that can’t be done to a non-secure external site.
So the question is: do external http links break security on a secure https page? If so, is there a work around other than removing external links?
Any reference to a non secure image path or script or html page will cause the lock icon to break, on a page which already has SSL installed. The lock will be on, only if the entire website is referring links with https.
Great explanation! Now it really clicked for me. In fact, I made a test page with nothing more than http links in a blank page and called it as a https page and the page passes w/flying colors.
There are many people like me who are unclear… like the stupid sys admins at the host who wrote “Anything linking to http:// on an [URL=“https:///”]https:// url is going to cause the lock to not be fully secured”.
having this problem. And i believe it is the stat counter script i added. So, understanding the problem is great, but how to get around it. If i add https to the stat counter script code will it affect the stat counter reading our site. Or is there another way that works?
many thanks and also for someone starting this thread.
you are of course correct, though my default mode is to obtain validation from someone i’m communicating with. although a fan of technology i’m a hippy luddite at heart and like real people who know stuff to inform me first
Thanks for the link though, appreciate your time and effort.