issues with loading un-secure content using HTTPS

Hi

I've looked into this issue and it seems that actually using https can be more a headache than a safe haven for users as it also depends on links coming to a page from external sources and if that external source is not using https then your page with https will still get a warning label and be considered unsafe. The downside to that is every browser users different rules for loading http links/styles/pages inside a https protected main page and in many cases you (the home user) has no control/settings to stop this.

It also seems that using catches for Java srcipts/ js files and css/styles external links is a major problem.

I have found a few different rules/ways to try and over come this as it seems it can be over come with quite a bit of code restructuring (example below) 

---------------------

Use protocol-relative paths.

Thus not

<linkrel="stylesheet"href="http://example.com/style.css"><scriptsrc="http://example.com/script.js"></script>

but so

<linkrel="stylesheet"href="//example.com/style.css"><scriptsrc="//example.com/script.js"></script>

then it will use the protocol of the parent page.

-------------------------------

The problem is now how do you make a site HTTPS secure and over come these stupid problems that you have no control over.

There has to a way as bigger sites like FB, Twitter, ebay etc etc don't have these issues when using them.

Cheers

Here is a link that explains it a bit better.

http://ithemes.com/codex/page/Fix_Non-SSL_Elements_on_SSL_Page

Cheers

I ran into an issue with a module I put together for books. Basically, the user types in the name of the book, and a list of x results is shown - with photo and brief description, and even a button to preview the book. But since I am using a Google API, and it is not https, the preview does not work unless the user allows unsecure content. Which is a hassle because if the user does not know what is going on, they may not allow the unsecure content, thus getting a blank page instead of the preview.

That's exactly correct, I also use sponsored ads on my site which in some browsers they don't appear because of this.

The real problem is not site owners like us as we know and understand the problems and why things happen in browsers but it's the home users on the other end who ends up believing what the browser is telling them and because they don't know better they move on instead of staying on the site. 

At the end of the day it now boils down to script development and if a script is following and allowing for HTTPS protocols when writing it, then that script for those serious webmasters wanting to SSL would be useless and thus not worth a cent as it kills traffic/stops viewers from entering the site thus getting nowhere.

Mods might have to include whether their HTTPS compatible now as they do version compatibility. Important! don't you think?