I have a web application that works great on my own machines, great on my client PCs, but on the computers of my clients every page they visit gets an invitation for mixed content.
However, it doesn’t matter if they answered yes or no to the question, they still get all the functionality of the site.
We cannot ask them to turn off the warning, because then they consider our application to be unsecured and do not use it.
I installed Httpwatch and none of the resources or downloadable URLs are safe. The code base for any flash objects is called using https: I checked any calls to the removechild () function in scripts, and not one of them is called in a div with a background image. We have no javascript calls: empty space in the code base.
I do not understand what to check next. Is there any way without being too intrusive to find out what unsafe objects the page is trying to load? It must be something that will work on IE7 or 8, as we are not allowed to install anything on their machines.
Jimoc source
share