<div dir="ltr">On Wed, Jul 3, 2013 at 8:21 PM, Jay Ashworth <span dir="ltr"><<a href="mailto:jra@baylink.com" target="_blank">jra@baylink.com</a>></span> wrote:<br><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div class="im">----- Original Message -----<br>
> From: "Jeremy Chadwick" <<a href="mailto:jdc@koitsu.org">jdc@koitsu.org</a>><br>
<br>
> I know exactly what you mean when you say "mixed-mode security" (for<br>
> readers: accessing a site using HTTPS, but the URLs referenced within<br>
> that site (for things like CSS, images, etc.) might use HTTP).<br>
><br>
> But what I don't know is where you've seen this. As in a step-by-step<br>
> for where you commonly see it. Even if it varies, just make an itemised<br>
> list of steps (from the point you hit <a href="http://twitter.com/" target="_blank">http://twitter.com/</a> to wherever<br>
> you see the issue) where you commonly see it.<br>
<br>
</div>Generally, anywhere I go on twitter's site (since it's AJAX now, there<br>
really isn't anywhere you "go"), it's https and it's not crossed out,<br>
as Chrome does to indicate mixed-mode.<br>
<br>
As of tonight, I'm getting the "crossed-out https" indicator everywhere,<br>
even after a cache purge and a Ctrl-F5 reload.</blockquote><div><br></div><div>This explains the meaning of the crossed-out https indicator:�<a href="https://support.google.com/chrome/answer/95617?p=ui_security_indicator&rd=1">https://support.google.com/chrome/answer/95617?p=ui_security_indicator&rd=1</a></div>
<div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div class="im">
> I can try to reproduce it there if need be, and/or do some analysis with<br>
> either Firebug's Network tab or Wireshark, but I need a good starting point! :-)<br>
<br>
</div>Remind me where Chrome identifies what's unsecure, and I'll go look it up.</blockquote><div><br></div><div>From the chrome menu (the three lines at the top right), select Tools, then Javascript Console. �That should give you an error where things went wrong, and tell you specifically what it's unhappy about.</div>
<div><br></div><div>Damian</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div class="im">
> Also, and I probably don't need to tell you this, but too much code on<br>
> webservers (doesn't matter where (front or back-end)) behaves different<br>
> based on HTTP User-Agent string. (I could write my own rant about this<br>
> completely unnecessary approach, but I'll spare folks)<br>
<br>
</div>Sure. �But this is "change in working environment, not apparently prompted<br>
by anything user-side".<br>
<div class="im"><br>
Cheers,<br>
-- jra<br>
--<br>
Jay R. Ashworth � � � � � � � � �Baylink � � � � � � � � � � � <a href="mailto:jra@baylink.com">jra@baylink.com</a><br>
Designer � � � � � � � � � � The Things I Think � � � � � � � � � � � RFC 2100<br>
Ashworth & Associates � � <a href="http://baylink.pitas.com" target="_blank">http://baylink.pitas.com</a> � � � � 2000 Land Rover DII<br>
St Petersburg FL USA � � � � � � � #natog � � � � � � � � � � �+1 727 647 1274<br>
</div><div class=""><div class="h5">_______________________________________________<br>
Outages mailing list<br>
<a href="mailto:Outages@outages.org">Outages@outages.org</a><br>
<a href="https://puck.nether.net/mailman/listinfo/outages" target="_blank">https://puck.nether.net/mailman/listinfo/outages</a><br>
</div></div></blockquote></div><br></div></div>