31

I deployed my application on Google App Engine. My web site uses Dojo with the claro template. When I run "Google Chrome inspection", I see a lot of warnings when I navigate through my site. Here is the type of warning:

The page index.html ran insecure content from http://ajax.googleapis.com/ajax/libs/dojo/1.5/dijit/themes/claro/claro.css.
The page index.html ran insecure content from http://ajax.googleapis.com/ajax/libs/dojo/1.5/dojo/dojo.xd.js.

Do I need to configure something in the appengine-web.xml or web.xml?

Lightness Races in Orbit
user376112

3 Answers

53

If your page is always accessed by secure url (https) then you might try accessing the secure versions of those include files. I think you can just use https: in place of http: in the url for those two files.

If you want to get fancy, you can check to see if the page is secure and pick either the secure or non-secure version of the link. I can post a sample of that if you need it.

Addendum: To save people time, I am posting @mercator's superior solution here:

No need to get fancy. If you want to pick the secure or non-secure version depending on whether your own site is secure, you can use a protocol-relative link. E.g. //ajax.googleapis.com/ajax/libs/dojo/1.5/dojo/dojo.xd.js

Alan Moore
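The warning from the question and the URL fixes in the answer above can be checked offline before deploying. The following is an added example, not code from the original posts: `scan`, `MixedContentScanner`, the page URL and the sample page are constructed for illustration, and the suggested `https://` URL assumes the host serves the same path over HTTPS.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs that make the browser fetch a subresource.
# "active" content (scripts, stylesheets, frames) can rewrite the whole page.
KINDS = {("script", "src"): "active", ("iframe", "src"): "active",
         ("link", "href"): "active", ("img", "src"): "passive",
         ("audio", "src"): "passive", ("video", "src"): "passive",
         ("source", "src"): "passive"}


class MixedContentScanner(HTMLParser):
    """Collect subresources that an HTTPS page would fetch over plain HTTP."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, resolved_url, suggested_url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for (t, attr), kind in KINDS.items():
            if t != tag or not attrs.get(attr):
                continue
            if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
                continue  # e.g. rel="canonical" is not loaded as a subresource
            # Resolve as a browser does: relative and protocol-relative
            # URLs inherit the scheme of the page itself.
            url = urljoin(self.page_url, attrs[attr])
            if urlsplit(url).scheme == "http":
                # Assumption: the same path is available over HTTPS.
                self.findings.append((kind, tag, url, "https" + url[4:]))


def scan(page_url, html):
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only exists on pages served over HTTPS
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    return scanner.findings


# Constructed sample page; the two http:// googleapis URLs are from the question.
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://ajax.googleapis.com/ajax/libs/dojo/1.5/dijit/themes/claro/claro.css">
<script src="http://ajax.googleapis.com/ajax/libs/dojo/1.5/dojo/dojo.xd.js"></script>
<script src="//ajax.googleapis.com/ajax/libs/dojo/1.5/dojo/dojo.xd.js"></script>
<link rel="canonical" href="http://example.appspot.com/index.html">
</head><body><img src="http://example.org/logo.png"><img src="/local.png"></body></html>"""

if __name__ == "__main__":
    for finding in scan("https://example.appspot.com/index.html", SAMPLE):
        print(*finding, sep="  ")
```

The protocol-relative `<script>` and the relative `<img>` are not reported because they resolve to `https://` on a secure page; the two hard-coded `http://` includes and the external image are.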
3

What if the site doesn't support https? For instance, I'm sending the request to World Bank, which only supports http?

EDIT: On Chrome, click the "shield" icon on the right of the address bar.

wei
0

Chrome Inspection validates only client side code, not server side. So, server configuration in appengine-web.xml/web.xml doesn't matter here.

In this case it says that your HTML is using some external code, from other sites, that can be insecure. It's not a big problem, btw. But if you wish, you can copy these files (claro.css and dojo.xd.js) to your own site to fix this issue.

Igor Artamonov