Loading http content on https website

Question

I\'m thinking about my website architecture that\'s using https.. I now have a CDN server hosting images , css and more static files.

The website itself is using HTT

Answer 1

You have to load every resource over https to get rid of that warning. You can either move the resources to your server that supports encryption, or link to an external resource over https.

Answer 2

Yes.

If a page is loaded over HTTPS then every resource it uses should also be loaded over HTTPS.

Otherwise a man-in-the-middle could replace images with misleading ones (or ones that exploit buffer overflow issues in browsers to execute code) and scripts with ones that do different things (such as leak data to the third party).

Answer 3

If you really want to load http content in https, you can follow this method using a backend handler in charge of downloading and exposing the required content with self forged links including a hash. The security issue is then fixed and you get the content accessible through https.

Dealing with HTTP content in HTTPS pages