
HTPPS Crossed out

keppy2008
Grafter
Posts: 67
Thanks: 5
Registered: 31-07-2007

HTPPS Crossed out

HI
HAPPY NEW YEAR,
Like the layout and first impression is good.
ONE POINT >>>> I notice in the URL address that the HTTPS is crossed out in red.
Not sure if this is due to using the Chrome browser or not?
It is not crossed when I use SquirrelMail.
Assume no security issue?
Regards
Keppy
jim:red All Caps in title corrected as per Forum Rules mod:end
18 REPLIES
Community Veteran
Posts: 5,462
Thanks: 274
Fixes: 4
Registered: 11-08-2007

Re: HTPPS Crossed out

Can you post in this thread an example of the URL you are talking about so that others can try the exact same address, in order to be able to give accurate comment.
Superuser
Posts: 8,952
Thanks: 451
Fixes: 38
Registered: 06-04-2007

Re: HTPPS Crossed out

The address bar correctly shows https://betawebmail.plus.net (with various query strings) for me in both Firefox 8.0 and IE9. Does Chrome show that marking on any other HTTPS sites? I wondered if it means standard HTTP data might also be shown on the page.
David
Community Veteran
Posts: 5,462
Thanks: 274
Fixes: 4
Registered: 11-08-2007

Re: HTPPS Crossed out

Looks OK on Firefox 3.6.24
pierre_pierre
Grafter
Posts: 19,757
Registered: 30-07-2007

Re: HTPPS Crossed out

OK on Win 7 and Firefox 9.01
pin2011
Grafter
Posts: 109
Registered: 09-06-2011

Re: HTPPS Crossed out

https://betawebmail.plus.net/
I saw that URL and the crossed-out https. I assumed it meant that Chrome was no longer in the secure mode?
Community Veteran
Posts: 5,462
Thanks: 274
Fixes: 4
Registered: 11-08-2007

Re: HTPPS Crossed out

keppy2008
Grafter
Posts: 67
Thanks: 5
Registered: 31-07-2007

Re: HTPPS Crossed out

Hi.
The red crossing out only occurs when I go into the betawebmail site:

https://betawebmail.plus.net/?_task=mail
The https has a red diagonal slash and the lock symbol has a red cross upon it.
Are there mail settings or Chrome settings that will correct this issue?
I don't really care about the red markings as long as the email is secure Huh?
Regards
Kep
Superuser
Posts: 8,952
Thanks: 451
Fixes: 38
Registered: 06-04-2007

Re: HTPPS Crossed out

Quote from: keppy2008
I don't really care about the red markings as long as the email is secure Huh?

Having been through the rather repetitive thread linked to by purleigh (thanks) I'm fairly sure that Chrome is complaining that insecure links (adverts) are provided on the page.
Last month Plusnet stated:
Quote from: Bob
Something we're aware of. You'll find Google Chrome complains about this too and actually suggests the site is not properly SSL encrypted (it is).

I'm happy to use it (from Firefox or IE9) but you must make your own decision. You could try blocking ads in Chrome if an add-on is available to do this.
David
RPMozley
Aspiring Pro
Posts: 1,067
Thanks: 21
Fixes: 3
Registered: 04-11-2011

Re: HTPPS Crossed out

Quote from: spraxyt
You could try blocking ads in Chrome if an add-on is available to do this.

Ad Block for Chrome is available at the Google extension place (strangely named a store, as if anyone would pay money for free stuff).
I'm not entirely sure it will stop the secure/insecure mix problem though (due to the way it works).
Superuser
Posts: 8,952
Thanks: 451
Fixes: 38
Registered: 06-04-2007

Re: HTPPS Crossed out

Having installed Chrome and Ad Block, though Ad Block removes the ads it doesn't eliminate the warning. Console diagnostics show that, as mentioned in the previous reply, the scripts that Chrome draws attention to still run even though Ad Block prevents their output from appearing on the page.
To eliminate this warning I think the Google syndicating ad scripts need to be removed from the page. In any case I think it is inappropriate for Plusnet to display third-party ads to customers using a subscription account.
David
Community Gaffer
Posts: 12,860
Thanks: 676
Fixes: 64
Registered: 04-04-2007

Re: HTPPS Crossed out

Quote from: spraxyt
In any case I think it is inappropriate for Plusnet to display third-party ads to customers using a subscription account.

The adverts are there because we wanted to start doing something that would help generate revenue from the platform. It costs us money to run and historically there's little coming into the coffers to offset these costs. I'd sooner see ads on the login page than say goodbye to the service!
Anyway, regarding the Google Chrome error (see attached screen grab)...
If you Google it (or check out purleigh's link) you'll find that it affects other websites too.
The ads we use on the login page are taken from Google. Google has a policy to push SSL everywhere which is why Chrome complains when any part of a web page is not consistent with a single HTTPS delivery system. It's a tad ironic though because Google's ad system doesn't have an option to deliver ads over HTTPS. It's this contradiction that's creating the problem being observed. If we want to continue serving ads then we either accept that Chrome will complain if HTTPS is used, or deliver completely over HTTP. Obviously we took the decision to deliver over HTTPS and accept that Google's ads would create this issue. The platform *is* secure though and the login credentials, which are passed to Roundcube via JavaScript, are by default limited to the Roundcube servers.
Google AdSense makes use of JavaScript to communicate with Google. This is how it knows what ad to load. It is possible to change the communication so it uses HTTPS, but because the delivery of the ad is done over HTTP the problem persists. Placing the ad into a div or an iframe doesn't help either - we tested all of this.
Google has the right attitude by promoting SSL and raising red flags when Chrome sees any potential issues. Unfortunately their ad system, which is the biggest in the industry, doesn't conform to the same standards.
When we look to making Roundcube the default offering we'll have to make an informed decision about what to do regarding this if it's still a problem.

Bob Pullen
Plusnet Products Team
If I've been helpful then please give thanks ⤵

Community Veteran
Posts: 26,375
Thanks: 632
Fixes: 8
Registered: 10-04-2007

Re: HTPPS Crossed out

Running the portal servers costs you money as well - does that mean that in the future we will also see Google ads on there?
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£13/month)
Mobile: iD mobile (£4/month)
drj
Aspiring Pro
Posts: 1,091
Thanks: 43
Fixes: 1
Registered: 30-03-2011

Re: HTPPS Crossed out

Thank you for publishing a screenshot. I've been rather mystified by this talk of "adverts" since I don't have an advert banner at the base of the page as shown there in my default browser (FF9.0.1) - and I don't recall blocking it. Neither do I see it in IE8 though I've discovered it in Chrome.
Community Veteran
Posts: 19,099
Thanks: 434
Fixes: 21
Registered: 31-08-2007

Re: HTPPS Crossed out

Hmmm. The bit of the warning that I remain to be convinced about is the fact that the insecure content provides a potential loophole for an attacker to change the way the page behaves.
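
Added example, not part of any post in this thread and not Plusnet's or Roundcube's code: a small audit of the condition discussed in Bob's reply and in the post directly above. It lists the subresources an HTTPS page would fetch over plain HTTP and separates "active" ones (scripts, frames, stylesheets, which can change the page) from "passive" ones (images). The sample markup and all hostnames are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# tag -> (URL attribute, class): "active" can run code or restyle the page,
# "passive" is only displayed.
SUBRESOURCES = {
    "script": ("src", "active"), "iframe": ("src", "active"),
    "link": ("href", "active"), "object": ("data", "active"),
    "embed": ("src", "active"), "img": ("src", "passive"),
}


class MixedContentAuditor(HTMLParser):
    """Collect subresources that an HTTPS page would fetch over plain HTTP."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (class, tag, absolute URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        attr, kind = SUBRESOURCES.get(tag, (None, None))
        if not attr or not attrs.get(attr):
            return
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # <link> is only a subresource when it is a stylesheet
        url = urljoin(self.page_url, attrs[attr])  # resolves relative and // URLs
        if urlparse(url).scheme == "http":
            self.findings.append((kind, tag, url))


def audit(page_url, html):
    """Return mixed-content findings; an HTTP page has none by definition."""
    if urlparse(page_url).scheme != "https":
        return []
    auditor = MixedContentAuditor(page_url)
    auditor.feed(html)
    return auditor.findings


# Constructed sample page; every hostname is a placeholder.
SAMPLE = """<html><body>
<script src="//static.webmail.example/app.js"></script>
<img src="http://img.ads.example/banner.png">
<script src="http://ads.example/show_ads.js"></script>
</body></html>"""

if __name__ == "__main__":
    print(*audit("https://webmail.example/?_task=mail", SAMPLE), sep="\n")
```

This only sees URLs present in the markup; resources that a script requests after it runs, such as the ad delivery Bob describes, appear only in the browser's console or network log.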