HTTPS connection displays mixed-mode notice

Overview

Accessing a website, protected by SSL, yields a “mixed-mode” notice or the SSL indicator displays different than normal.

mixed-mode-indicator

Mixed mode encountered on a website using Firefox

Cause

SSL is designed to protect data transfer from third-party snooping through encryption. By accessing a resource over a non-encrypted stream (e.g. including an image on a site as <img src=”http://mysite.com/img.jpg” />), this protection is circumvented. The request is made without encryption allowing third-parties to potentially sniff traffic. Browsers will alert you when these situations are encountered as security is of everyone’s absolute utmost concern.

Solution

Two options exist, either change all links from http:// to https:// or as a more concise form, use a protocol-relative URL by omitting the protocol entirely such that <img src=”http://mysite.com/img.jpg” /> becomes <img src=”//mysite.com/img.jpg” />

See also

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.