How to resolve mixed active blocked contents error when configuring SSL
What is Mixed Active Blocked contents ?
When anyone hits a page served over HTTP, their connection is open for eavesdropping and man-in-the-middle attacks. When a user visits a page served over HTTPS, their connection with the web server is authenticated and encrypted with SSL and hence safeguarded from eavesdroppers and MITM attacks. When an HTTPS page includes HTTP content, the HTTP portion can be read or modified by attackers, even though the main page is served over HTTPS. When an HTTPS page has HTTP content, we call that content “mixed”. The webpage that the user is visiting is only partially encrypted, since some of the content is retrieved unencrypted over HTTP.
The Mixed Content Blocker blocks certain HTTP requests on HTTPS pages.
How to avoid ?
The best strategy to avoid mixed content blocking is to serve all the content as HTTPS instead of HTTP.
So whenever there is a need of enabling SSL in webapplication , it should be properly handshaked with application server. Below is an example of Tomcat Server and steps –
1. Take backup of server.xml present in the below location –
2. Add scheme and proxyPort attributes in the below tag –
<Connector port=”8080″ protocol=”HTTP/1.1″
URIEncoding=”UTF-8″ scheme=”https” proxyPort=”443″/>
3. Restart Tomcat