Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
When setting up a site to run over https:// is there a way to stop the page from blocking any external css or javascript loaded from standard http://.
Some of the external files are under the same domain, so could be called via https://, but some are from another domain that has no secure connection available.
There shouldn’t be. Such security measures are in place for good reason.
Even if you could remove them, doing so would be a very bad idea.
A man-in-the-middle attack would allow the JS or CSS (which can have embedded JS via various browser extensions) to be substituted.
This would allow an attacker to run any JS they liked on the page.
That JS could grab any data from the page and send it to the attacker.
The page would not be secure.
Copy the assets somewhere that you can access them over HTTPS.