• Post Reply Bookmark Topic Watch Topic
  • New Topic
permaculture forums growies critters building homesteading energy monies kitchen purity ungarbage community wilderness fiber arts art permaculture artisans regional education skip experiences global resources the cider press projects digital market permies.com private forums all forums
this forum made possible by our volunteer staff, including ...
master stewards:
  • Nicole Alderman
  • r ranson
  • Anne Miller
  • Pearl Sutton
  • James Freyr
  • Mike Haasl
  • paul wheaton
  • Dave Burton
stewards:
  • Joylynn Hardesty
  • Jocelyn Campbell
  • Joseph Lofthouse
garden masters:
gardeners:
  • Carla Burke
  • Steve Thorn
  • Eric Hanson

need some help: how do we figure out what bit on a page is "insecure"

 
master steward
Posts: 29114
Location: missoula, montana (zone 4)
hugelkultur trees chicken wofati bee woodworking
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
We have a rather lovely page here:  https://permies.com/t/61733/Great-American-Farm-Tour

On other pages on permies, chrome says "secure".  Somebody reported this page as their browser freaking out about it being "insecure".  So I think there is an image on that page that is loaded with "http" instead of "https".  

Is there a plugin or maybe a web page somewhere (where you plug in a url) and it can tell you what bit of a page is the problem?

 
pollinator
Posts: 596
Location: Southern Arizona. Zone 8b
75
fish bike bee solar woodworking greening the desert
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The page has a mix of secure (https:) and unsecure (http:) links on it.  Note the missing "s" in the unsecure links

About 1/3 of the links to other parts of permies.com on that page is an unsecure http: link that then gets redirected to https: after you click on it.
There are nearly 300 unsecure links on that page.  Chrome doesn't complain about them, but other browsers might.

For example:
"https://permies.com/forums/f-83/books"
"https://permies.com/forums/f-59/chickens"
"https://permies.com/forums/f-116/forest-garden"
"https://permies.com/forums/f-117/hugelkultur"
"https://permies.com/forums/f-93/hunting-fishing"
"https://permies.com/forums/f-75/wofati-earth-berm"

If you'd fix your code that generates your pages to only point to https: links, that might fix the problem, it would at least make it easier to track down.

Note: you also have several unsecure links to java code:
https://permies.com/name.jsp

unsecure links to php:
http://polyfaceyum.com/shop/index.php?main_page=product_info&cPath=1&products_id=2&zenid=un4ih3g2ttkq1vh1tvs61mgqt0

and links to:
http://bit.ly/2l9VI7X
http://crmpi.org/

To view the page source code from Chrome, right click on the page then select "view source", you can then do a search (ctl-f) for "http:"
 
master steward & author
Posts: 16847
Location: Left Coast Canada
4021
books chicken cooking fiber arts sheep writing
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I suspect the pictures from photobucket are http not https
 
paul wheaton
master steward
Posts: 29114
Location: missoula, montana (zone 4)
hugelkultur trees chicken wofati bee woodworking
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
My guess is that http links are fine.  But embedding an http image makes the page insecure.   Would that be correct?

I guess I am hoping to get a tool that will highlight the images that are insecure.
 
steward
Posts: 4787
Location: Cache Valley, zone 4b, Irrigated, 9" rain in badlands.
1630
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

On that particular page, a script belonging to google is generating http:// thumbnails for the videos.

I can check that, by waiting a long, long time for the page to load, and then selecting "Tools -> Page Info -> Media" using the current version of FireFox web browser. Yes. I still use a menu, those that don't can get to "page Info" by right clicking on the background of the page.
Screenshot-from-2018-04-07-09-29-19.png
[Thumbnail for Screenshot-from-2018-04-07-09-29-19.png]
 
r ranson
master steward & author
Posts: 16847
Location: Left Coast Canada
4021
books chicken cooking fiber arts sheep writing
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I waited 5 minutes and the page didn't finish loading.  I tried to find out why and it locked up my browser
 
gardener
Posts: 1508
Location: Virginia (zone 7)
351
hugelkultur dog forest garden fish hunting trees books food preservation solar
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If it has to do more with pictures being http: and not https: then why is the search page insecure?
IMG_20180407_161256.jpg
[Thumbnail for IMG_20180407_161256.jpg]
 
Joseph Lofthouse
steward
Posts: 4787
Location: Cache Valley, zone 4b, Irrigated, 9" rain in badlands.
1630
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Karen Donnachaidh wrote:If it has to do more with pictures being http: and not https: then why is the search page insecure?

google-image.png
[Thumbnail for google-image.png]
Google image is http://www.google.com/logos/Logo_25wht.gif
 
Karen Donnachaidh
gardener
Posts: 1508
Location: Virginia (zone 7)
351
hugelkultur dog forest garden fish hunting trees books food preservation solar
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That's sneaky!
 
Joseph Lofthouse
steward
Posts: 4787
Location: Cache Valley, zone 4b, Irrigated, 9" rain in badlands.
1630
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Perhaps that is something that we can change on our end?

 
r ranson
master steward & author
Posts: 16847
Location: Left Coast Canada
4021
books chicken cooking fiber arts sheep writing
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I don't know what this is, but I was right clicking stuff and it says "view page source" or something like that.  I clicked it for this page and it looked like html with all the pointy brackets and stuff.  I did a contrlF (find on page) and searched "http:" and it found 111 instances of that on the page.  
 
Karen Donnachaidh
gardener
Posts: 1508
Location: Virginia (zone 7)
351
hugelkultur dog forest garden fish hunting trees books food preservation solar
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sure, there are plug-ins, like https://wordpress.org/plugins/ssl-insecure-content-fixer/
Though, I have no idea what is trustworthy or worthwhile. This is where my techno-brain stops working and I depend on others.
 
pollinator
Posts: 276
Location: Central Pennsylvania, USA
45
hugelkultur purity dog forest garden trees books
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Here is a helpful article and tool for finding/fixing mixed content:
https://developers.google.com/web/tools/lighthouse/audits/mixed-content

Google is really looking to lock down HTTPS in July:
https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html
 
gardener
Posts: 155
28
transportation tiny house bike solar woodworking
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In Chrome or Firefox
F12 brings up the dev/debug console thing.

Click "Console" (Firefox/Chrome)
and expand "Mixed content" for Chrome.

That should give you the list of insecure items.



Regarding that page:
'http://i1.ytimg.com/' seems to be the main offender.

They seem secured if I am not logged in.
When I log in the dev debug tool freaks out about all the insecure items.


-Ryan
 
paul wheaton
master steward
Posts: 29114
Location: missoula, montana (zone 4)
hugelkultur trees chicken wofati bee woodworking
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ryan,

I loaded the page, f12 ... how do I "expand 'mixed content'"?

I see "79 errors" - that seems upsetting.

 
Ryan Barrett
gardener
Posts: 155
28
transportation tiny house bike solar woodworking
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There should be a tiny arrow pointing right (à la plus/minus tree expansion in most stuff)
Click that.


Also, try it logged out.  It's looks fine when I log out.
Weird, no?

 
paul wheaton
master steward
Posts: 29114
Location: missoula, montana (zone 4)
hugelkultur trees chicken wofati bee woodworking
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It came up this time!

And the really big thing ....  I went to a different browser (chromium) and ....  the page is fully secure.   I think you mentioned that.  

So whatever the insecure thing is, it is fixed when somebody is not logged in.  But is broken when I am logged in.

 
Just put the cards in their christmas stocking and PRESTO! They get it now! It's like you're the harry potter of permaculture. richsoil.com/cards
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!