Ssl - browser warning on IE - page contains both secure a

hi,

i’ve installed my SSL certificate on my server and updated my lighttpd
conf file.

using Safari, when i browse to https://mysite.com the site appears in an
encrypted window.

with IE6 I get a warning message - this page contains both secure and
non secure items. do you want to display the non-secure items?".

the page is fully displayed and nothing appears to be missing. all
subsequent pages appear ok.

i only get the warning message again when i return to my home page.

any ideas what might be wrong?

-john

do a view-source and make sure you’re not linking to any files on the
http:// protocol. like JS, CSS or image files.

ed

Ed Hickey wrote:

do a view-source and make sure you’re not linking to any files on the
http:// protocol. like JS, CSS or image files.

ed

cheers ed,

it was my google analytics link. it had been:

so i changed the first line to https://

now IE complains that my SSL certificate is valid but does not match the
name of the site - google.com
so presumably i need to leave the home page (a login page) with my
google urchin on http and secure only those pages after login. how to
move from http: on page 1 to force https: on subsequent pages is the
subject of seperate post

thanks for your help

-john

put a link to download firefox on your page so users get a real browser!

2007/1/24, Jeff B. [email protected]:

On 1/24/07, John H. [email protected] wrote:

-john

I ran into the same issue after adding Google anaytics to my pages.
What I ended up doing was to use and if statement in the view to only
output the google analytics for pages that I want to allow it (which
are most my unsecure pages).

That can be as simple as

<%= if @allow_google_analytics %>

google stuff here

<% end -%>

and then in your controller just put a before_filter to call a method
to set the variable when you will want google_analytics.

so you might have something like

before_filter :allow_google_analytics

private

def allow_google_analytics
@allow_google_analytics = true
end

As for switching to https from your pages, you can simply use https in
a url or if you are using link_to/url_for helpers then there is a
:protocol option to allow you to change it.

There also is a plugin called ssl_requirement that can be used to
automatically insure you are secure and will redirect if they aren’t.
Depending on your needs this may help as well.

Blessings,


Jeff B., MasterView project founder
Inspired Horizons Ruby on Rails Training and Consultancy
Next Ruby on Rails plus JRuby workshop Feb 22-24 St. Louis, MO
http://inspiredhorizons.com/training/rails/index.html
Limited seating, register now!

On 1/25/07, Peter E. [email protected] wrote:

put a link to download firefox on your page so users get a real browser!

While I agree that everyone should be using Firefox, the issue exists
in both browsers. In Firefix you will get an indication that part of
the page is insecure as well, which is a good thing.


Jeff B., MasterView project founder
Inspired Horizons Ruby on Rails Training and Consultancy
Next Ruby on Rails plus JRuby workshop Feb 22-24 St. Louis, MO
http://inspiredhorizons.com/training/rails/index.html
Limited seating, register now!

Google have an SSL link for analytics. This will work on both SSL & non
SSL pages.

Try using this as the url in you analytics javascript; or you may need
to regenerate your code using https://www.yoursite.com instead of
http://www.

https://ssl.google-analytics.com/urchin.js

rgds,

  • matt.

John H. wrote:

Ed Hickey wrote:

do a view-source and make sure you’re not linking to any files on the
http:// protocol. like JS, CSS or image files.

ed

cheers ed,

it was my google analytics link. it had been:

so i changed the first line to https://

now IE complains that my SSL certificate is valid but does not match the
name of the site - google.com
so presumably i need to leave the home page (a login page) with my
google urchin on http and secure only those pages after login. how to
move from http: on page 1 to force https: on subsequent pages is the
subject of seperate post

thanks for your help

-john

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs