A user just reported a funny issue. When logging into backoffice IE present them with the following question:
Do you want to view only the webpage content that was delivered securely? This webpage contains content that will not be delivered using a secure HTTPS connection, which could compromise the security of the entire webpage.
The funny thing is that everything seems to work perfectly no matter if you answer Yes of No. Using both Fiddler and FireBug I cannot pinpoint the unsecure request either.
Backoffice is located on a SSL site, the certificate is ok, and umbracoUseSSL is turned on in the web.config.
I've also tested the thing in different browsers, and it only seems to be IE that shows this error - FF and Chrome doesn't.
The site has just been upgraded from 4.0.3 to 4.5.2.
I've encountered this after upgrading to 4.7.0 from 4.5.2, but I never experienced it on 4.5.2. I filed an issue about it here: http://umbraco.codeplex.com/workitem/30114 . I thought it was the links to the videos in the Content > Getting Started dashboard, but I removed those and I still get the warning in IE 8.
I ran into the same issue (with IE7 and IE8) ith a 4.7.1 version of Umbraco. It was hell of a job to figure out what went wrong because it had nothing to do with HTTP links. After a lot of javascript debugging I found out that the warnings were caused by the tree.
When there are PNG-background images used in the tree (for example the image of the recycle bin) the browser gives a warning because the path to the image is marked as insecured. The path does not contain http:// links but relative links like /umbraco/images/umbraco/bin_empty.png.
IE security question when logging into backoffice
A user just reported a funny issue. When logging into backoffice IE present them with the following question:
Do you want to view only the webpage content that was delivered securely?
This webpage contains content that will not be delivered using a secure HTTPS connection, which could compromise the security of the entire webpage.
The funny thing is that everything seems to work perfectly no matter if you answer Yes of No. Using both Fiddler and FireBug I cannot pinpoint the unsecure request either.
Backoffice is located on a SSL site, the certificate is ok, and umbracoUseSSL is turned on in the web.config.
I've also tested the thing in different browsers, and it only seems to be IE that shows this error - FF and Chrome doesn't.
The site has just been upgraded from 4.0.3 to 4.5.2.
Anyone else experiencing this behavoir?
/Rune
I've encountered this after upgrading to 4.7.0 from 4.5.2, but I never experienced it on 4.5.2. I filed an issue about it here: http://umbraco.codeplex.com/workitem/30114 . I thought it was the links to the videos in the Content > Getting Started dashboard, but I removed those and I still get the warning in IE 8.
I ran into the same issue (with IE7 and IE8) ith a 4.7.1 version of Umbraco. It was hell of a job to figure out what went wrong because it had nothing to do with HTTP links. After a lot of javascript debugging I found out that the warnings were caused by the tree.
When there are PNG-background images used in the tree (for example the image of the recycle bin) the browser gives a warning because the path to the image is marked as insecured. The path does not contain http:// links but relative links like /umbraco/images/umbraco/bin_empty.png.
I have fixed this by adding the protocol and hostname before the path like: https://www.website.nl/umbraco/images/umbraco/bin_empty.png
I made the change in the jquery.tree.js file in /umbraco_client/trees/jquery.tree.js with the following code:
Old:
if (data.data.icon) {str += "<ins " + (data.data.icon.indexOf("/") == -1 ? " class='" + data.data.icon + "' " : " style='background-image:url(\"" + data.data.icon + "\");' ") + "> </ins>";
}
Changed into:
if (data.data.icon) {var url = location.protocol+'//'+location.hostname+(location.port ? ':'+location.port: '');
data.data.icon = url + data.data.icon;
str += "<ins " + (data.data.icon.indexOf("/") == -1 ? " class='" + data.data.icon + "' " : " style='background-image:url(\"" + data.data.icon + "\");' ") + "> </ins>";
}
This worked for me!
is working on a reply...