Google Chrome incorrectly reporting “mixed content” on SSL-encrypted pages
Chrome will show a green icon the left of a URL that is SSL-encrypted and does not use “mixed content”. In other words, a page that displays only secure content over an HTTPS connection. That’s great, and increases user trust. However, if the site contains 20 pages and one of them contains an external non-HTTPS JavaScript file, Chrome will display a red “skull and bones” icon to the left of the URL bar, and that icon will remain displayed next to that site’s URLs for that visitor until they close Chrome.
For example, Skype offers a status button to display a user’s Skype status. That relies on a JavaScript file that resides on Skype’s servers and is only available over an HTTP connection. So, to use this on an all-SSL site, you’d probably need to put it inside an iframe.
I suppose Chrome’s developers might think that if one page on a site contains such content, they’d better keep warning the user about other pages on that site too, even though the other pages do not contain mixed content. I would prefer tit actually be accurate.
Skype “Call Me” button – no SSL support!!
To my dismay and total surprise, Skype does not offer an SSL version of its Call Me or Status buttons (link). I emailed them about this and they confirmed that it is not possible at this time, but that they would keep it in mind as a feature request. To me this is not a feature, but a basic must-have. HTTPS connections are a staple and a fact of life that should not have been overlooked. It should not be complicated to enable that, but considering that they have been in business for seven years, perhaps there is some fundamental roadblock preventing this.
Google Analytics uses JavaScript to determine whether the connection uses HTTP or HTTPS. Skype also uses an external JavaScript file, but forcibly loads it over HTTP, which is a problem for sites running on an HTTPS connection (SSL), because it will trigger “mixed content” and “potentially unsafe” content warnings in some browsers, depending on visitors’ browser settings. That can reduce customer trust, which in turn can have an impact on online sales or user stickiness.
If you need to use Skype buttons on a site that is accessed over SSL, beware.
Blogroll
- A List Apart – my profile
- Award-winning web design
- Design for Adoption
- my LinkedIn profile
- Twitter profile
Get E-mail Alerts
- new site: Interferometrics, Inc. http://t.co/FNJa8P8t
- new site: Virginia Martial Arts Academy http://t.co/jiSTMqZE
- Create and Update Content Without Programming Knowledge http://t.co/IFfTyiJd
- Google Checkout is now Google Wallet http://t.co/K8OVEmed