banner_https

HTTPS and how to view blocked content

bernadette-parry-headshotBernadette Parry is the Client Support Coordinator at eWorks. Her role involves juggling all sorts of client-focused tasks including start-up TVC training, advanced Moodle training and support services. She is also our ‘go-to’ for answers to random questions from our clients and larger community – here she covers https and how to view online content when our browser ‘says no’.

What is HTTPS?

HTTPS stands for HTTP Secure. With HTTPS pages, encryption is added to requests sent and received. It has three main benefits:

  1. Authenticity – the browser checks that it has opened the correct website.
  2. Data integrity – the browser can detect if an attacker has changed any data it receives.
  3. Secrecy – the browser can prevent an attacker from eavesdropping on requests, tracking websites visited, or stealing information sent or received.

What is mixed content?

Mixed content is where a HTTPS web page which starts with https:// contains links to a sub-resource HTTP page which starts with http://. Examples of sub-resource pages may be images, videos, extra HTML, CSS, or JavaScript.

If you are using a Moodle site where all pages are HTTPS and you link to a video that is on a HTTP page, then this is an example of mixed content and the connection will be only partly encrypted. Mixed content weakens HTTPS as these requests are vulnerable to an attacker eavesdropping on a connection, and seeing or changing the communication.

How to avoid blocked content

Unfortunately you are unlikely to notice mixed content until it is too late and you have clicked through to a blocked page. Read on for advice about how to view blocked mixed content if this happens.

If you are responsible for creating and maintaining online content, now might be a good time to review links within your secure pages to ensure that you’re not inadvertently frustrating your readers by sending them to http:// pages and therefore blocked content. Then, where possible, link to https pages instead. You may also like to let your readers know what to expect – and what to do – should this happen. No surprises!

How to view blocked mixed content

By default, mixed content is blocked in Internet Explorer 10+, Firefox 23+ and Chrome 21+. When mixed content is blocked, you will see a blank page or ‘Only secure content is displayed’. This can be frustrating, especially when we’re in a hurry.  Try this next time it happens:

Firefox

  1. Go to the top of the page, left of the address bar, and click the shield icon https_firefoxshield
  2. In the pop-up window, click the down arrow next to ‘Options’, and click ‘Disable protection for now’.

Chrome

  1. Click the shield icon on the right side of the address barhttps_chromeshield
  2. In the icon dialog box, click ‘Load unsafe scripts’.

Internet Explorer

  1. Go to the bottom of the screen, and click ‘Show all content’.

Keen to learn more?
Good old Wikipedia offers comprehensive information about URI, TLS, TCP/IP, certificate authorities HSTS, SSL, stripping and much, much more. And I might get around to writing on each of those topics one day.

One thought on “HTTPS and how to view blocked content”

Leave a Reply

Your email address will not be published. Required fields are marked *