How to figure out what's causing non-secure items alert?

Hi,

I'm using PC IE 7. When I visit a particular page, I get the message
"This page contains both secure and nonsecure items. Do you want to
continue?" How do I figure out what's causing this error?

The only reference I can find to "http://" is at the top of my page

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">

But maybe there's a more precise way in IE 7 to figure out what's
causing the dialog. Grateful for your help, - Dave

It's not an error. It's for your information. The browser is telling you
that only parts of the page contain items that are authenticated and
possibly encrypted for transmission.

To see the difference, view the page both ways (i.e., with and without
the nonsecure items.)

Keep in mind that a single web page can contain data from several
servers. Not all the data needs to be secured.

---
Leonard Grey
Errare humanum est

laredotornado wrote:
> Hi,
>
> I'm using PC IE 7. When I visit a particular page, I get the message
> "This page contains both secure and nonsecure items. Do you want to
> continue?" How do I figure out what's causing this error?
>
> The only reference I can find to "http://" is at the top of my page
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
> "http://www.w3.org/TR/html4/strict.dtd">
>
> But maybe there's a more precise way in IE 7 to figure out what's
> causing the dialog. Grateful for your help, - Dave

The behavior isn't new in IE7. See this KB article (middle of page):

A Description of the Changes to the Security Settings of the Web Content
Zones in Internet Explorer 6
http://support.microsoft.com/kb/300443
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/


laredotornado wrote:
> I'm using PC IE 7. When I visit a particular page, I get the message
> "This page contains both secure and nonsecure items. Do you want to
> continue?" How do I figure out what's causing this error?
>
> The only reference I can find to "http://" is at the top of my page
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
> "http://www.w3.org/TR/html4/strict.dtd">
>
> But maybe there's a more precise way in IE 7 to figure out what's
> causing the dialog. Grateful for your help, - Dave

On Jul 21, 8:13*am, Leonard Grey <l.g...@not.valid.net> wrote:
> It's not an error. It's for your information. The browser is telling you
> that only parts of the page contain items that are authenticated and
> possibly encrypted for transmission.
>
> To see the difference, view the page both ways (i.e., with and without
> the nonsecure items.)
>
> Keep in mind that a single web page can contain data from several
> servers. Not all the data needs to be secured.
>
> ---
> Leonard Grey
> Errare humanum est
>
>
>
> laredotornadowrote:
> > Hi,
>
> > I'm using PC IE 7. *When I visit a particular page, I get the message
> > "This page contains both secure and nonsecure items. Do you want to
> > continue?" *How do I figure out what's causing this error?
>
> > The only reference I can find to "http://" is at the top of my page
>
> > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
> > * * * * * * "http://www.w3.org/TR/html4/strict.dtd">
>
> > But maybe there's a more precise way in IE 7 to figure out what's
> > causing the dialog. *Grateful for your help, - Dave- Hide quoted text-
>
> - Show quoted text -

Unfortunately it is not possible to view the page over a non-secure
port, but by eyes, the page looks fine, I just want that annoying
alert to go away.

Would this alert come up if there were unsecured data from other
servers? Is the above declaration I have included a reason why this
alert would come up?

Thanks, - Dave

"Would this alert come up if there were unsecured data from other
servers?"
That's usually why it appears.

To do away with the message: Tools > Internet Options > Advanced > 'Warn
if changing between secure and not secure mode'

Like I said, it's just for your information, so you can make an informed
choice about whether you want to enter personal information on a form.

---
Leonard Grey
Errare humanum est

laredotornado wrote:
> On Jul 21, 8:13 am, Leonard Grey <l.g...@not.valid.net> wrote:
>> It's not an error. It's for your information. The browser is telling you
>> that only parts of the page contain items that are authenticated and
>> possibly encrypted for transmission.
>>
>> To see the difference, view the page both ways (i.e., with and without
>> the nonsecure items.)
>>
>> Keep in mind that a single web page can contain data from several
>> servers. Not all the data needs to be secured.
>>
>> ---
>> Leonard Grey
>> Errare humanum est
>>
>>
>>
>> laredotornadowrote:
>>> Hi,
>>> I'm using PC IE 7. When I visit a particular page, I get the message
>>> "This page contains both secure and nonsecure items. Do you want to
>>> continue?" How do I figure out what's causing this error?
>>> The only reference I can find to "http://" is at the top of my page
>>> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
>>> "http://www.w3.org/TR/html4/strict.dtd">
>>> But maybe there's a more precise way in IE 7 to figure out what's
>>> causing the dialog. Grateful for your help, - Dave- Hide quoted text -
>> - Show quoted text -
>
> Unfortunately it is not possible to view the page over a non-secure
> port, but by eyes, the page looks fine, I just want that annoying
> alert to go away.
>
> Would this alert come up if there were unsecured data from other
> servers? Is the above declaration I have included a reason why this
> alert would come up?
>
> Thanks, - Dave

On Jul 21, 11:23*am, Leonard Grey <l.g...@not.valid.net> wrote:
> "Would this alert come up if there were unsecured data from other
> servers?"
> That's usually why it appears.
>
> To do away with the message: Tools > Internet Options > Advanced > 'Warn
> if changing between secure and not secure mode'
>
> Like I said, it's just for your information, so you can make an informed
> choice about whether you want to enter personal information on a form.
>
> ---
> Leonard Grey
> Errare humanum est
>
>
>
> laredotornadowrote:
> > On Jul 21, 8:13 am, Leonard Grey <l.g...@not.valid.net> wrote:
> >> It's not an error. It's for your information. The browser is telling you
> >> that only parts of the page contain items that are authenticated and
> >> possibly encrypted for transmission.
>
> >> To see the difference, view the page both ways (i.e., with and without
> >> the nonsecure items.)
>
> >> Keep in mind that a single web page can contain data from several
> >> servers. Not all the data needs to be secured.
>
> >> ---
> >> Leonard Grey
> >> Errare humanum est
>
> >> laredotornadowrote:
> >>> Hi,
> >>> I'm using PC IE 7. *When I visit a particular page, I get the message
> >>> "This page contains both secure and nonsecure items. Do you want to
> >>> continue?" *How do I figure out what's causing this error?
> >>> The only reference I can find to "http://" is at the top of my page
> >>> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
> >>> * * * * * * "http://www.w3.org/TR/html4/strict.dtd">
> >>> But maybe there's a more precise way in IE 7 to figure out what's
> >>> causing the dialog. *Grateful for your help, - Dave- Hide quoted text -
> >> - Show quoted text -
>
> > Unfortunately it is not possible to view the page over a non-secure
> > port, but by eyes, the page looks fine, I just want that annoying
> > alert to go away.
>
> > Would this alert come up if there were unsecured data from other
> > servers? *Is the above declaration I have included a reason why this
> > alert would come up?
>
> > Thanks, - Dave- Hide quoted text -
>
> - Show quoted text -

I'm concerned about other users coming to the page and seeing this
message. I would like to figure out what these non-secure items are
but I don't know how. Do you? -

"laredotornado" <laredotornado@zipmail.com> wrote in message
news:ad8096d4-c96b-47cf-bbe7-9731b2fc0b5c@c65g2000hsa.googlegroups.com...

<QP>

I'm concerned about other users coming to the page and seeing this
message. I would like to figure out what these non-secure items are
but I don't know how. Do you? -

</QP>


Use View Source (Alt-V,c) and search for src=

or use the Privacy Report (Alt-V,v) and look for mixed protocol
from your page.

If you need more help please find an example publicly accessible page
which demonstrates the problem symptoms and post its URL.


---

On Jul 21, 3:49*pm, "Robert Aldwinckle" <rob...@techemail.com> wrote:
> "laredotornado" <laredotorn...@zipmail.com> wrote in message
>
> news:ad8096d4-c96b-47cf-bbe7-9731b2fc0b5c@c65g2000hsa.googlegroups.com...
>
> <QP>
>
> I'm concerned about other users coming to the page and seeing this
> message. *I would like to figure out what these non-secure items are
> but I don't know how. *Do you? -
>
> </QP>
>
> Use *View Source *(Alt-V,c) *and search for *src=
>
> or *use the *Privacy Report *(Alt-V,v) *and look for mixed protocol
> from your page.
>
> If you need more help please find an example publicly accessible page
> which demonstrates the problem symptoms and post its URL.
>
> ---

I did a view source and there is nothing suggesting an insecure
resource. Because this page is on an Intranet, I can't post a public
URL, but below is the source. Thanks for your help again, - Dave




<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">

<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1" />
<title>Application Configuration Grid</title>
<link rel="stylesheet" type="text/css" href="../scripts/dojo/
resources/dojo.css"/>
<link rel="stylesheet" type="text/css" href="../scripts/dijit/themes/
tundra/tundra.css"/>

<link rel="stylesheet" type="text/css" href="../css/portal.css"/>
<link rel="stylesheet" type="text/css" href="../css/Grid.css"/>

<script type="text/javascript" src="../scripts/dojo/dojo.js"
djConfig="isDebug:false, parseOnLoad: true"></script>
<script type="text/javascript">
dojo.require("dijit.Dialog");
dojo.require("dojo.data.ItemFileWriteStore");
dojo.require("dijit.form.TextBox");
dojo.require("dijit.form.FilteringSelect");

dojo.require("dojox.grid.Grid");
dojo.require("dojox.grid._data.model");
dojo.require("dojo.parser");
dojo.require("dojox.lang.functional");
</script>


<script type="text/javascript">
var appId = "null";
var appName = "null";
var selectedElement;

//
================================================== ========================
// Grid structure
//
================================================== ========================
var view1 = {
cells: [
[{width: 'auto', name: 'Element Name', field:
'name',width: "25%", editor: dojox.grid.editors.input},
{width: 'auto', name: 'Config Key', field: 'key',width: "25%",
editor: dojox.grid.editors.input},
{width: 'auto', name: 'Attribute', field: 'attribute',width:
"25%", editor: dojox.grid.editors.input},
{width: 'auto', name: 'Attribute Value', field: 'value',width:
"25%", editor: dojox.grid.editors.input}
]
]
};
var gridLayout = [ view1 ];

//
================================================== ========================
// Create a data model
//
================================================== ========================
var gridColumns = [{id:"name",label:"Element Name"},
{id:"key",label:"Config Key"},
{id:"attribute",label:"Attribute"},
{id:"value",label:"Attribute Value"}
];
var gridModel = { items: [] };

var gridStore = new dojo.data.ItemFileWriteStore({data:gridModel});

var model = new dojox.grid.data.DojoData(null,gridStore);
</script>
<script type="text/javascript" src="../scripts/ConfigGrid.js"></
script>
<script type="text/javascript" src="../scripts/main.js"></script>


</head>

<body class="tundra">
<div dojoType="dijit.layout.ContentPane" layoutAlign="top">
<form id="configForm" name="configForm" method="post" action="/
nps_config_gui/jsp/ConfigGrid.jsf" enctype="application/x-www-form-
urlencoded" onsubmit="return saveGridData();">
<input type="hidden" id="appName" name="appName" value="" />
<input type="hidden" id="configData" name="configData" value="" />
<input type="hidden" id="startConfigData" name="startConfigData"
value="[]" />
<input type="hidden" id="configAction" name="configAction" value="" /
>
<div style="padding-left: 40px;">

<div id="applicationSelectSpan">
Choose Application:


<select id="configForm:applicationSelect"
name="configForm:applicationSelect" size="1"
onchange="document.getElementById('appName').value =
this.value;this.form.submit();"> <option value=""
selected="selected">-- Select Application --</option> <option
value="IM_GUI">Configure IM_GUI</option> <option
value="NPS_CONFIG_GUI">Configure NPS_CONFIG_GUI</option> <option
value="DAVE_TEST">Configure DAVE_TEST</option></select>
</div>
<br/><br/>

<span id="elementSelectSpan">
Choose Element:

<select id="configForm:elementSelect"
name="configForm:elementSelect" size="1" onchange="loadElements()">
<option value="" selected="selected">-- All Elements --</option></
select>
</span>
<span id="keySelectSpan">
Choose Config Key:


<select id="configForm:keySelect" name="configForm:keySelect"
size="1" onchange="loadKeys()"> <option value=""
selected="selected">-- All Keys --</option></select>
</span>

<br/><br/>
<div id="grid" dojoType="dojox.Grid" model="model"
structure="gridLayout" singleClickEdit="true" autoHeight="true">
<script type="dojo/method" event="onApplyEdit" args="">
if (this.model.data[this.selection.selectedIndex].flag == 'old')
{
this.model.data[this.selection.selectedIndex].flag="update";
}
</script>

</div>
<br />
<div id="rowCount"></div>
<br />
<div id="controls">

<input type="button" onClick="addRow()" value="Add Row"
class="npsButton"
onmouseover="hoverGridButton(this)"
onmouseout="unhoverGridButton(this)"/>
<input type="button" onClick="deleteRow()" value="Remove"
class="npsButton"
onmouseover="hoverGridButton(this)"
onmouseout="unhoverGridButton(this)"/>&nbsp;&nbsp;&nbsp;
<input id="configForm:_idJsp7" name="configForm:_idJsp7"
type="submit" value="Apply" onclick="if(typeof
window.clearFormHiddenParams_configForm!='undefine d')
{clearFormHiddenParams_configForm('configForm');}"
onmouseover="hoverGridButton(this)"
onmouseout="unhoverGridButton(this)" class="npsButton" />
<input type="button" onClick="cancelEdit()" value="Cancel"
class="npsButton"
onmouseover="hoverGridButton(this)"
onmouseout="unhoverGridButton(this)"/>&nbsp;&nbsp;&nbsp;
</div>
</div>

<input type="hidden" name="configForm_SUBMIT" value="1" /><input
type="hidden" name="configForm:_link_hidden_" /><input type="hidden"
name="configForm:_idcl" /><script type="text/javascript"><!--

function clear_configForm()
{
clearFormHiddenParams_configForm('configForm');
}

function clearFormHiddenParams_configForm(currFormName)
{
var f = document.forms['configForm'];
f.elements['configForm:_link_hidden_'].value='';
f.elements['configForm:_idcl'].value='';
f.target='';
}

clearFormHiddenParams_configForm();
//--></script><input type="hidden" name="javax.faces.ViewState"
id="javax.faces.ViewState"
value="rO0ABXVyABNbTGphdmEubGFuZy5PYmplY3Q7kM5YnxB zKWwCAAB4cAAAAAN0AAE0cHQAEy9qc3AvQ29uZmlnR3JpZC5qc 3A=" /
></form>
<form id="addForm" name="addForm" method="post" action="/
nps_config_gui/jsp/ConfigGrid.jsf" enctype="application/x-www-form-
urlencoded">

<div dojoType="dijit.Dialog" id="dialog1" title="Add Row"
execute="handleInput(arguments[0])" class="inputDialog"
style="visibility: hidden;">
<script type="dojo/method" event="show">
this.inherited("show", arguments);
// set timeout to allow the browser to render dialog
setTimeout(dojo.hitch(self, function(){
dijit.focus(self.nameInput);
}), 500);
</script>
<table class="appAdmin dojoTabular">
<tr>
<td style="width: 80px;"><label for="name">Element Name: </
label></td>
<td><input id="addForm:nameInput" name="addForm:nameInput"
type="text" value="" size="50" /></td>
</tr>
<tr>

<td style="width: 80px;"><label for="name">Config Key: </label></
td>
<td><input id="addForm:keyInput" name="addForm:keyInput"
type="text" value="" size="50" /></td>
</tr>
<tr>
<td style="width: 80px;"><label for="name">Attribute Name: </
label></td>
<td><input id="addForm:attrInput" name="addForm:attrInput"
type="text" value="" size="50" /></td>
</tr>
<tr>

<td style="width: 80px;"><label for="name">Attribute Value: </
label></td>
<td><input id="addForm:valueInput" name="addForm:valueInput"
type="text" value="" size="50" /></td>
</tr>
<tr>
<td colspan="2" align="center">
<input type="button" class="npsButton" value="OK"
onclick="doAddRow()"
onmouseover="hoverGridButton(this)"
onmouseout="unhoverGridButton(this)"/>
<input type="button" class="npsButton" value="Cancel"
onclick="closeDialog()"
onmouseover="hoverGridButton(this)"
onmouseout="unhoverGridButton(this)"/>
</td>

</tr>
</table>
</div>

<input type="hidden" name="addForm_SUBMIT" value="1" /><input
type="hidden" name="javax.faces.ViewState" id="javax.faces.ViewState"
value="rO0ABXVyABNbTGphdmEubGFuZy5PYmplY3Q7kM5YnxB zKWwCAAB4cAAAAAN0AAE0cHQAEy9qc3AvQ29uZmlnR3JpZC5qc 3A=" /
></form>
</div>
<!-- MYFACES JAVASCRIPT -->

</body>

</html>

"laredotornado" <laredotornado@zipmail.com> wrote in message
news:ba5668b3-ff24-402b-af8b-43adfc6191d1@j22g2000hsf.googlegroups.com...
<QP2>
On Jul 21, 3:49 pm, "Robert Aldwinckle" <rob...@techemail.com> wrote:
> "laredotornado" <laredotorn...@zipmail.com> wrote in message
>
> news:ad8096d4-c96b-47cf-bbe7-9731b2fc0b5c@c65g2000hsa.googlegroups.com...
>
> <QP>
>
> I'm concerned about other users coming to the page and seeing this
> message. I would like to figure out what these non-secure items are
> but I don't know how. Do you? -
>
> </QP>
>
> Use View Source (Alt-V,c) and search for src=
>
> or use the Privacy Report (Alt-V,v) and look for mixed protocol
> from your page.
>
> If you need more help please find an example publicly accessible page
> which demonstrates the problem symptoms and post its URL.
>
> ---

I did a view source and there is nothing suggesting an insecure
resource. Because this page is on an Intranet, I can't post a public
URL, but below is the source. Thanks for your help again, - Dave

</QP2>

Have you tried my second suggestion yet? (Privacy Report looking
for http: URLs.)

A likely issue is that your HTML is modified by whatever your scripts do.
E.g. if they contain code which load images which have their URLs prefixed
by http: that could be the cause of your symptom.

What happens if you disable Active Scripting? E.g. using either Security Settings
Custom Level or using IE Developer Toolbar.


HTH

Robert
---