
I've got a site we just moved to SSL using SNI and have some odd behavior going on.

If you make a browser request via HTTPS, the browser will not load all the resources (external fonts, CSS and JS) that are not explicitly linked via HTTPS.

I can change links to a protocol-less scheme, change the base href, force all SSL connections - no problem. That is not my issue.

What I would like to know is:

Is this normal behavior for an SNI hosted site? Normally I would expect the browser to load all resources anyway and just give a non-secured content error. Using a browser inspector I can see that the browser is not loading scripts etc at all.

-thanks -sean

Sean Kimball
  • It's normal behaviour for any SSL site. Browsers refuse (or at least issue a warning) if they have to load non-secure assets on secured sites. – Alexey Ten Oct 02 '15 at 15:32
  • Since when? I can't ever recall seeing this behavior all I have ever seen is the insecure content warning. – Sean Kimball Oct 02 '15 at 15:45
  • Since like forever. See e.g. https://developer.mozilla.org/en/docs/Security/MixedContent `Starting in Firefox 23, mixed active content is blocked by default…` – Alexey Ten Oct 02 '15 at 15:47
  • interesting - about 2 years. easy enough to miss that fact. thanks. – Sean Kimball Oct 02 '15 at 16:04
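
An added example (not part of the original question or comments): a small audit script that lists the `http://` subresources of an HTTPS page, labelled active (the kind the MDN quote above says is blocked by default) or passive. It resolves protocol-less links and `<base href>` the way the question mentions. The function names, the active/passive tag lists and the `example.test` hostnames are assumptions made for this sketch.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs inspected by this sketch; CSS url() and @font-face are not parsed.
ACTIVE = {("script", "src"), ("iframe", "src"), ("object", "data")}
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src")}

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.base = page_url      # changes if the page carries <base href>
        self.findings = []        # (kind, tag, absolute_url)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip() for k, v in attrs}
        if tag == "base" and a.get("href"):
            self.base = urljoin(self.base, a["href"])
        elif tag == "link" and "stylesheet" in a.get("rel", "").lower().split():
            self._check("active", tag, a.get("href", ""))
        elif (tag, "src") in ACTIVE or (tag, "data") in ACTIVE:
            self._check("active", tag, a.get("src") or a.get("data", ""))
        elif (tag, "src") in PASSIVE:
            self._check("passive", tag, a.get("src", ""))

    def _check(self, kind, tag, ref):
        # Protocol-relative ("//host/x") and relative refs inherit the base scheme.
        url = urljoin(self.base, ref) if ref else ""
        if urlsplit(url).scheme == "http":
            self.findings.append((kind, tag, url))

def find_mixed_content(page_url, html):
    """Return http:// subresources referenced by a page served over https://."""
    if urlsplit(page_url).scheme != "https":
        return []
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.findings


# Constructed sample page; all hostnames are placeholders.
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://fonts.example.test/font.css">
<script src="//cdn.example.test/lib.js"></script>
<script src="/js/app.js"></script>
</head><body><img src="http://img.example.test/logo.png"></body></html>"""

if __name__ == "__main__":
    for kind, tag, url in find_mixed_content("https://www.example.test/", SAMPLE):
        print(f"{kind:8} <{tag}> {url}")
```

On the sample, only the stylesheet and the image are reported; the protocol-less and root-relative scripts resolve to `https://` and are not flagged.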
