Need to prevent “This page has insecure content” message on chrome browser? [duplicate]


Possible Duplicate:
How to make my site valid using SSL?

As soon as my portal lands on home page, "this page has insecure content" message appears on Chrome browser only. The site is SSL enabled and no issues of certificate configurations. And there are some javascript files included in jsp pages using URL, e.g. http://www.site.com/js/script.js . Those are not SSL enabled sites. Now, I can't host those JS files on SSL enabled site as its beyond my control. I don't have access to those JS files. Client says we need to fix this. Can anybody suggest what should be the approach?

Thanks

I would advise you to copy the JS files to your secure server so that they can be hosted securely.

If you have http:// content on a https:// page, you will always get this warning.


If your site is sensitive and requires HTTPS, the last thing you really want to be doing is to load untrusted Javascript from someone else's server, whether over HTTP or HTTPS. Even though it is loaded from a remote server, that script will run with full local privileges, the same as any JS you host yourself as part of your application. - You essentially have a built-in-by-design cross-site scripting vulnerability.

What happens if the third-party site hosting that javascript file get hacked and the JS is changed to something malicious? Your users and their data are compromised! Plus, you would never know. (unless you regularly test the integrity of the remote file)

If you have permission to do so, host the JS yourself. If you don't, re-develop the functionality yourself, or find a similar library that you do have permission to host.