<div dir="ltr">On Wed, Jul 3, 2013 at 8:21 PM, Jay Ashworth <span dir="ltr"><<a href="mailto:jra@baylink.com" target="_blank">jra@baylink.com</a>></span> wrote:<br><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div class="im">----- Original Message -----<br>
> From: "Jeremy Chadwick" <<a href="mailto:jdc@koitsu.org">jdc@koitsu.org</a>><br>
<br>
> I know exactly what you mean when you say "mixed-mode security" (for<br>
> readers: accessing a site using HTTPS, but the URLs referenced within<br>
> that site (for things like CSS, images, etc.) might use HTTP).<br>
><br>
> But what I don't know is where you've seen this. As in a step-by-step<br>
> for where you commonly see it. Even if it varies, just make an itemised<br>
> list of steps (from the point you hit <a href="http://twitter.com/" target="_blank">http://twitter.com/</a> to wherever<br>
> you see the issue) where you commonly see it.<br>
<br>
</div>Generally, anywhere I go on twitter's site (since it's AJAX now, there<br>
really isn't anywhere you "go"), it's https and it's not crossed out,<br>
as Chrome does to indicate mixed-mode.<br>
<br>
As of tonight, I'm getting the "crossed-out https" indicator everywhere,<br>
even after a cache purge and a Ctrl-F5 reload.</blockquote><div><br></div><div>This explains the meaning of the crossed-out https indicator: <a href="https://support.google.com/chrome/answer/95617?p=ui_security_indicator&rd=1">https://support.google.com/chrome/answer/95617?p=ui_security_indicator&rd=1</a></div>
<div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div class="im">
> I can try to reproduce it there if need be, and/or do some analysis with<br>
> either Firebug's Network tab or Wireshark, but I need a good starting point! :-)<br>
<br>
</div>Remind me where Chrome identifies what's unsecure, and I'll go look it up.</blockquote><div><br></div><div>From the chrome menu (the three lines at the top right), select Tools, then Javascript Console. That should give you an error where things went wrong, and tell you specifically what it's unhappy about.</div>
<div><br></div><div>Damian</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div class="im">
> Also, and I probably don't need to tell you this, but too much code on<br>
> webservers (doesn't matter where (front or back-end)) behaves different<br>
> based on HTTP User-Agent string. (I could write my own rant about this<br>
> completely unnecessary approach, but I'll spare folks)<br>
<br>
</div>Sure. But this is "change in working environment, not apparently prompted<br>
by anything user-side".<br>
<div class="im"><br>
Cheers,<br>
-- jra<br>
--<br>
Jay R. Ashworth Baylink <a href="mailto:jra@baylink.com">jra@baylink.com</a><br>
Designer The Things I Think RFC 2100<br>
Ashworth & Associates <a href="http://baylink.pitas.com" target="_blank">http://baylink.pitas.com</a> 2000 Land Rover DII<br>
St Petersburg FL USA #natog +1 727 647 1274<br>
</div><div class=""><div class="h5">_______________________________________________<br>
Outages mailing list<br>
<a href="mailto:Outages@outages.org">Outages@outages.org</a><br>
<a href="https://puck.nether.net/mailman/listinfo/outages" target="_blank">https://puck.nether.net/mailman/listinfo/outages</a><br>
</div></div></blockquote></div><br></div></div>