I have a HTTPS silverlight application (Finally), but i also have a call to get some map data from a non https website.
The issue is this call to the non https map data, which just consists of images (map tiles) and a list of countries. It displays a note to the user saying that the page contains unsecured(mixed) content, and would they like to display it.
** The map data is hosted on a internal server on the network and is 100% trusted and secure content. **
My question is are these three:
-
Is there anyway i can tell the user that the unsecured content is only map data and will only be pulled to the client once, and if they want to see the map in the application, they should press accept?
-
Or is there a way to display a custom message to the user from silverlight and store their decision to hide or show the “unsafe” content in the app ?
-
Or is there a way in the config files to specify a set or URIs that are safe and can be ignored when the browser is doing its mixed content check? Like if i wanted to specify a safe URI of http://mapdata.com/mapdata, could i do this along with some https setting in the webconfig file in silverlight?
Thanks for any help and time.
For security reasons, no you cannot overwrite that warning message. Imagine if a malicious site overwrote that message to say nothing was wrong? It’s meant to be something developers can’t mess with.
What you could do instead is tunnel the HTTP content over some HTTPS tunnel (maybe stunnel?). This will have some performance ramifications, but it should solve your mixed content issues.