I have an asp.net C# application hosted by IIS 7. I have installed a valid SSL Certificate and used Security Switch in order to transfer each page from HTTP protocol to HTTPS.
On one of my pages, I use JQUERY. Specificly, I have a canvas that I draw some stuff on using Javascript, and also a GridView that I use the tablesorter jquery plugin on.
Both does not work when I use the https connection, meaning that the canvas is empty, and the gridview isn't shown.
If I use the normal HTTP protocol everything works fine. Furthermore, If I don't use the tablesorter plugin on the gridview than I can see it even when using https.
I Suspect that the https connection is blocking my javascript, although when using google chrome and looking at the certificate(by clicking on the little lock at the address bar) it says "java script enabled".
My JQUERY itself is being refrenced at the MASTER PAGE of my website, while the other scripts (drawing on canvas and table sorter) are being imported on the page itslef in the header section such as this:
<asp:Content ID="HeaderContent" runat="server" ContentPlaceHolderID="HeadContent">
<script type="text/javascript" src="/Scripts/jquery.tablesorter.js"></script>
</asp:Content>
Looking at chromes console I see the following (only when using the https connection):
[blocked] The page at **** ran insecure content from http://fonts.googleapis.com/css?family=Archivo+Narrow.
Resource interpreted as Script but transferred with MIME type text/html: "https://****/Scripts/jquery.tablesorter.js".
Resource interpreted as Script but transferred with MIME type text/html: "https://****/Scripts/AquaGauge.js".
Resource interpreted as Script but transferred with MIME type text/html: "https://*****/Scripts/jquery-1.10.1.min.js".
Uncaught SyntaxError: Unexpected token < Scripts/jquery-1.10.1.min.js:1
[blocked] The page at https://***** ran insecure content from http://fonts.googleapis.com/css?family=Archivo+Narrow.
Uncaught ReferenceError: $ is not defined
How can I make my javascript code also when using HTTPS connection?
I fixed it. The javascript is being loaded threw a full path (https://yoursite.com/Script/jquery.js) although it is local, and not via file:// or anything else.
One must add threw Security Switch also the links to these files.
Related
I have deployed a ASP.net website and for whatever reason the website is rendering like it should on the web server, but when i access it from a client some of the formatting is lost, so for instance the menu items disappear from the menu, i am at a loss as to where to begin as the website is functional, it just isn't rendering how it should, i suspect that it might have something to do with CSS, but really not sure.
I have tried to make remove some reference to bundles and called the style sheets directly using link with no difference.
I have checked i am able to access the site.css from a client too.
Having looked a bit further into it, IE is returning the following two errors:
SCRIPT5007: Unable to get property 'createElement' of undefined or
null reference jquery-3.3.1.min.js (2,6997)
SCRIPT5022: Bootstrap's JavaScript requires jQuery bootstrap.min.js
(6,31)
Have you checked the mime type registered on iis? It could be possible that the response for the css request could have a different mime type than what the browser expected and thus did not parse it/apply the style rules.
To check/fix this, open server manager -> browse to your site. In the IIS settings panel would be Mime types, ensure that text/css is the MIME Type for the .css extension, also in your link tag try including type="text/css" as well.
Thanks guys, managed to figure it out, the issue was there was a GPO setting that was ticked to display intranet sites in compatibility mode, i unchecked this and it began to work as expected, hope this helps someone else.
I have a fully operational ASP.NET Webform application (.aspx) that sends and retrieves data to the server (CodeBehind) using jQuery AJAX. For my next project I need to recreate this application but with Phonegap to make it mobile and platform independent.
I'm trying to use the same CodeBehind file that handles the database connection and all the needed methods to make the application work.
// File-structure
Application
App_Code
pages
Default.aspx (with codebehind)
phonegapapp
www
- index.html (with jquery AJAX calls)
...
From the index.html file I'm trying to make a connection to the Default.aspx.cs file to access the necessary functions:
// phonegapapp/www/index.html
$(function () {
$.ajax({
type: "POST",
...
url: "../../Default.aspx/testFunction",
// tried with only one ../ and going to root and follow file structure but non is working.
...
});
});
I get an error showing that the file is not found:
XMLHttpRequest cannot load file:///C:/Application/pages/Default.aspx.cs/testFunction. Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-extension, https, chrome-extension-resource.
You cant execute/access aspx files wihtin phonegap app. Simply you have to put your aspx files behind an Asp.Net supporting webserver such as IS and then you load call ajax with relative path, like http://localhost/default.aspx and then you will be able to get the response.
How I can fix this block if everything happen inside of my domain?
[blocked] The page at 'https://example.com/secure/CMS/Edit/Default.aspx' was loaded over HTTPS, but ran insecure content from 'http://example.com/en/?idkeep=True&DE_VM=4&DE_LNK=183_185790&DE_RND=536512159&id=183_185790': this content should also be loaded over HTTPS.
This happen in the CMS called EPiServer 6.
I was getting this problem. I removed "http:" prefix from that link.
old : iframe src="http://example.com" >
new : iframe src="//example.com" >
Now it's working perfect.
Thank you.
You can not put insecure (http not https) content (images, stylesheets, inline frames, etc.) on a secure webpage (https).
browser will block the insecure element while loading the page.
Search where in your script (https :// example.com/secure/CMS/Edit/Default.aspx) trying to access (http :// example.com/en/?idkeep=True&DE_VM=4&DE_LNK=183_185790&DE_RND=536512159&id=183_18579) and just add 'S' after http.
in other words your page should try to access http**S**://example.com/en/ not (http:// example.com /en/)
But I know, if the requested page is not available on HTTPS, there is nothing more you can do :-S
Because I get this project in the meddle without any other developer I will know, this server has a reverse-inverse-proxy. Than without any code the server change the protocol.
But to fix or minimize this problem I ensure all scripts are assigned with relative protocol. Removing http[s]:// and leave just //
We resolved this problem by setting the link properties to open up in a new tab and not attempt to display the insecure page in the frame on the secure page.
I have developed an IIS website that has worked perfectly fine when hosted with visual studio. I have then sent it off to the customer, who has hosted it on his machine locally and the functinality is fine. We then copy the same files onto their server (it is already set up with IIS and a DNS for an external URL) and most of the functionality works. One of the <asp:ImageButton tags, however, appears to just refresh the page without doing anything (there are 2 results that could happen when the button is clicked, and both call RegisterStartupScript() and I cannot see the results of the script on the page anywhere)
I guess after all that rambling of a backstory my question is this: When you call the following method, is this something that is visible on the page, as it should be called no matter what the response, so we can at least look for that and see if it is getting through to the method at all.
Page.ClientScript.RegisterStartupScript()
If you look at the source of generated page you should see your script or whatever you put in script parameter, for example :
ClientScript.RegisterStartupScript(this.GetType(), "myKey", "CallStartup();", true);
should render as :
<script type="text/javascript">
//<![CDATA[
CallStartup();Sys.Application.initialize();
//]]>
</script>
I've seen problems like this on occasion if the .NET Framework is not registered correctly or set to the wrong version. Check that the version of .NET set for the site on the server is the same as the one you developed for. You also may need to use aspnet_regiis to fix problems if the ASP.NET scripts are missing from your site or the .NET Framework didn't correctly register with IIS.
I have implemented the reCAPTCHA solution (latest version), into my ASP.NET web project. It works fine and dandy in my local environment, but on our SSL encrypted server I receive the warning message "Do you want to view only the webpage content that was delivered securely? This webpage contains content that will not be delivered using a secure HTTPS connection, which could compromise the security of the entire webpage." This only occurs in Internet Explorer.
I've found, on these forums and others to change the deprecated server to the new of googles (old: https://api-secure.recaptcha.net to new: https://www.google.com/recaptcha/api), but I am not directly referencing the javascript files, just using the .net library.
Any help would be greatly appreciated!
If the MVC Helper is using Context.Request.IsSecureConnection as Dan has pointed out above, and your application server is behind a load balancer that intercepts HTTPS and forwards as HTTP, then OverrideSecureMode will likely be false and rendering would take place insecurely.
If behind a load balancer, one of the ways to find the originating protocol would be to do something like this (provided you have access to the X-Forwarded-Proto header field).
bool isSecureConnection = String.Equals(
filterContext.HttpContext.Request.Headers["X-Forwarded-Proto"],
"https",
StringComparison.OrdinalIgnoreCase);
From browsing the control's source, the control has a property called OverrideSecureMode that, when set to true, always causes the control to render via HTTPS.
The MVC Helper, on the other hand, doesn't seem to allow setting that property. It seems to be using Context.Request.IsSecureConnection to determine which hostname to use; discovering why that value is wrong for you is another way to attack the problem.