Homepage mixed content

Topic

New Reply

Extending on an observation here: https://www.askwoody.com/forums/topic/kbnew-new-articles-in-microsofts-knowledge-base/#post-162903

Opened here as best guess to highlight @bellelyn’s described experience in Chrome. I guess I had thought this was a known issue among MVP’s. If it is not, then I wanted to give it due attention.

I can add that my Pale Moon browser has, for an unknown period greater than one month, consistently identified the AskWoody homepage, both with and without the trailing / divider, as hosting mixed content. By default, Pale Moon blocks active content that is not trusted. There is no popup indication. But clicking on the shield shaped flag gives options to learn more, and a selector to allow the content. I presume that too would revoke the https label.

I initially thought this had to do with personal avatars. But the condition only exists on the homepage. All additional pages are fully compliant with https, including all pages with comments that host avatars.

Is this experience seen by others? Is it a known issue? Is it normal and easily explained?

Reply | Quote

Replies

We are aware of an issue with the security warning on the homepage, in some browsers – I suspect this may relate to the ads, but it’s just a guess. Similarly, there have been problems with pages not loading the latest versions.

The devs have been alerted to this, but sadly, it’s not been addressed yet. Fingers crossed that it won’t be too much longer.

Reply | Quote

Kirsty wrote:

Similarly, there have been problems with pages not loading the latest versions.

In Firefox, set the browser.cache.check_doc_frequency to 1 (in about:config)
In other browsers, set the page to load every time from the site, not from cache.
In IE this is under General\Temporary Internet Files – Every time I visit the webpage.
However, I think IE behaves better and is less affected of this issue than the latest releases of Firefox Quantum.

Reply | Quote

It’s apparently not so simple, sadly (see here and its link).

1 user thanked author for this post.

Elly

Reply | Quote

You are absolutely right. I only provided a workaround which works for me on Firefox, but there is an underlying problem which is design related. However, I suspect that the main work still needs to focus into the page caching area.

2 users thanked author for this post.

woody, Kirsty

Reply | Quote

Kirsty,

It appears that you are indeed correct. Firefox Quantum user here. I’m able to load the home page without issue, but note that I have:

1) NoScript
2) uBlock Origin

Looking at the uBlock log, the following are blocked:

1) https://45.33.96.32/ (members.linode.com – piwik)
2) amazon-adsystem.com (just what it says)
3) paypalobjects.com (3rd party tracker)

NoScript also blocks twitter.com.

An example of 3rd party content that triggers “mixed content” messages from the home page:

https://www.paypalobjects.com/en_US/i/scr/pixel.gif

This is a violation of the https standard. So, if your browser won’t load the page or you get an “insecure” type of message, it is doing what it’s supposed to do. If you have blockers enabled, the page will load because the 3rd party content is removed (blocked) prior to rendering the page.

Reply | Quote

Ouch. I need that PayPal link…. and the Amazon link comes back to several parts of the page.

2 users thanked author for this post.

Elly, Cascadian

Reply | Quote

But, and I may be showing lack of knowledge, those elements are present on *all* pages hosted on this domain. But only the homepage throws a mixed content warning.

I do not recall first observation, not my strong suit. But I have adapted a peculiar use habit. I will not log in from the home page. Because I do not understand the mixed use warning. I know the offending element is blocked, and should have no effect. But I have found myself to be less concerned when there is no warning flag at all.
—
Afterthought added: Is it in the nature of the homepage that it is a persistent document; only ever edited, never recreated from scratch. This could suggest a place to look.

Reply | Quote

Additional information, I had been nearsighted in saying ‘only’ the homepage shows the mixed content warning in Pale Moon. More accurate, it is the only page I generally load that shows this warning. I looked a bit more today, before logging in.

There is a Tandy-grey-chassis-cover colored banner of links below the black backed title box, above the ‘woody’ MSDefcon placard. Each of these links (Home | MS-DEFCON System | Thanks, patrons! | About AskWoody | Direct Message | Log IN) displays a page with mixed content. Remarkable because it is different, the Lounge Forums link displays a fully compliant https page.

I return to the suspicion that these pages are persistent from an earlier template that contains some element that is not wanted. Pages that are created from new content do not have that mystery element included.

Noticed that I had given badly phrased information. Wanted to clarify. Thanks all.

Reply | Quote

Today’s unveiling, https://www.askwoody.com/2018/were-back/ has cleared all warnings I described here, in my use at least. Also have new version of Pale Moon today, ver27.7.2, but I think the change at AskWoody explains the new experience.

Hope everyone sees the same improvement. Thanks.

1 user thanked author for this post.

Elly

Reply | Quote

I’ve also had the alerts disappear since the devs made changes a couple of days ago 🙂

2 users thanked author for this post.

Cascadian, Elly

Reply | Quote