+Funky_Boris
Posted May 9, 2020

I've recently gone over some of my remaining listings to see if they need maintenance from a listings-perspective. I came across this one: https://www.geocaching.com/geocache/GCNYYV_kulso-1

The immediate load of the page results in Firefox displaying a warning.

This warning is about mixed content which (depending on context) can be harmless or severe. It is a warning nonetheless. TL;DR: It is a page served with HTTPS that in turn contains references to consistent elements by HTTP.

I set out to see if I was able to clear this warning. If some of my user supplied content was referencing HTTP, it made sense that the warning was there. I edited the page to remove <img> references to content served by HTTP (and removed from <a> tags while I was at it). No change.

I looked at the source of the web page. These are the HTTP-based references I could come up with:

Quote
</title><meta name="DC.title" content="Geocaching - The Official Global GPS Cache Hunt Site" /><meta name="twitter:card" content="summary_large_image" /><meta name="twitter:title" content="Geocaching: Join the world's largest treasure hunt." /><meta name="twitter:description" content="There are millions of geocaches worldwide and probably even some near you right now. Visit Geocaching.com to see just how many geocaches are nearby and to get the free Official Geocaching app." 
/><meta name="twitter:image:src" content="https://www.geocaching.com/play/Content/images/preview-lg.jpg" /><link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png" /><link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png" /><link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png" /><link rel="manifest" href="/manifest.json" /><link rel="mask-icon" href="/safari-pinned-tab.svg" color="#02874D" /><link rel="shortcut icon" href="/favicon.ico" /><meta name="msapplication-config" content="/browserconfig.xml" /><meta name="theme-color" content="#ffffff" /><meta id="ctl00_ogUrl" name="og:url" property="og:url" content="http://www.geocaching.com/" /><meta name="author" content="Geocaching" /><meta name="DC.creator" content="Geocaching" /><meta name="Copyright" content="Copyright (c) 2000-2020 Groundspeak, Inc. All Rights Reserved." /><!-- Copyright (c) 2000-2020 Groundspeak, Inc. All Rights Reserved. --><meta name="description" content="Geocaching is a treasure hunting game where you use a GPS to hide and seek containers with other participants in the activity. Geocaching.com is the listing service for geocaches around the world." /><meta name="DC.subject" content="Geocaching is a treasure hunting game where you use a GPS to hide and seek containers with other participants in the activity. Geocaching.com is the listing service for geocaches around the world." 
/><meta http-equiv="imagetoolbar" content="no" /><meta name="distribution" content="global" /><meta name="MSSmartTagsPreventParsing" content="true" /><meta name="rating" content="general" /><meta name="revisit-after" content="1 days" /><meta name="robots" content="all" /><link href="https://fonts.googleapis.com/css?family=Noto+Sans:400,700&subset=latin,latin-ext" rel="stylesheet" type="text/css" /><link href="/content/coreCSS?v=3g6xvdh1yc-tRlp1egBQQkAaARa_gVd1UgyEcJ55zn01" rel="stylesheet"/> <body background="http://img.geocaching.com/cache/f8648c3d-c232-467a-9142-65aa5adc746b.jpg" class="CacheDetailsPage"> <a id="ctl00_ctl29_hlNavShop" accesskey="4" class="dropdown" href="http://shop.geocaching.com/?utm_source=Geocaching&utm_medium=Links&utm_content=Header&utm_campaign=Geocaching+Links">Shop</a> <a id="ctl00_ctl29_hlSubNavShop" accesskey="s" data-event-action="Header Click" data-event-category="data" data-event-label="USA/Canada shop" rel="external" href="http://shop.geocaching.com/?utm_source=Geocaching&utm_medium=Links&utm_content=Header&utm_campaign=Geocaching+Links">USA/Canada shop</a> <a id="ctl00_ctl29_hlSubNavIntlRetailers" accesskey="i" data-event-action="Header Click" data-event-category="data" data-event-label="International retailers" rel="external" href="http://shop.geocaching.com/default/international-retailers/">International retailers</a> <use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="/app/ui-icons/sprites/global.svg#icon-message-center"></use> <svg xmlns="http://www.w3.org/2000/svg" width="24px" height="14px" viewBox="0 0 12 7" version="1.1"><title>Open Menu</title><g stroke="none" stroke-width="0" fill="nonme" fill-rule="evenodd"><g class="arrow" transform="translate(-1277.000000, -25.000000)"><path d="M1280.43401 23.3387013C1280.20315 23.5702719 1280.20315 23.945803 1280.43401 24.1775793L1284.82138 28.5825631 1280.43401 32.9873411C1280.20315 33.2191175 1280.20315 33.5944429 1280.43401 33.8262192 1280.54934 33.9420045 1280.70072 34 
1280.8519 34 1281.00307 34 1281.15425 33.9422102 1281.26978 33.8262192L1286.07462 29.0018993C1286.30548 28.7701229 1286.30548 28.3947975 1286.07462 28.1630212L1281.26958 23.3387013C1281.03872 23.106925 1280.66487 23.106925 1280.43401 23.3387013Z" transform="translate(1283.254319, 28.582435) scale(1, -1) rotate(-90.000000) translate(-1283.254319, -28.582435) " /></g></g></svg> <svg width="25px" height="12px" viewBox="0 0 25 12" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:sketch="http://www.bohemiancoding.com/sketch/ns"> <a id="hlAboutFavorites" title="About Favorites" href="http://support.Groundspeak.com/index.php?pg=kb.page&id=287" target="_blank">About Favorites</a> <a id="ctl00_ContentBody_lnkPrintDirectionsSimple" class="DrivingDirections" href="http://maps.google.com/maps?f=d&hl=en&saddr=56.166361,10.154892 (Home Location)&daddr=55.929833,9.323533 (Kuls%C3%B8%20%231)" target="_blank">Driving Directions</a> ...all nearby <a href="http://www.Waymarking.com/directory.aspx?f=1&lat=55.929833&lon=9.323533">waymarks on Waymarking.com</a> <span id="ctl00_ContentBody_MapLinks_MapLinks"><ul><li><a href="https://www.geocaching.com/play/map?lat=55.92983&lng=9.32353" target="_blank">Geocaching.com Map</a></li><li><a href="http://maps.google.com/maps?q=N%2055%C2%B0%2055.790%20E%20009%C2%B0%2019.412%20%28GCNYYV%29+" target="_blank">Google Maps</a></li><li><a href="http://www.mapquest.com/maps/map.adp?searchtype=address&formtype=latlong&latlongtype=decimal&latitude=55.92983&longitude=9.32353&zoom=10" target="_blank">MapQuest</a></li><li><a href="http://www.bing.com/maps/default.aspx?v=2&lvl=14&sp=point.55.92983_9.32353_GCNYYV" target="_blank">Bing Maps</a></li><li><a href="http://www.opencyclemap.org/?zoom=12&lat=55.92983&lon=9.32353" target="_blank">OpenCycleMap</a></li><li><a href="http://www.openstreetmap.org/?mlat=55.92983&mlon=9.32353&zoom=12" target="_blank">OpenStreetMap</a></li></ul></span> <dd><a 
id="ctl00_ctl30_lnkUSAShop" accesskey="$" data-ga-capture="" data-ga-label="Shop link" data-ga-category="Chrome - footer" href="http://shop.geocaching.com/">USA/Canada Shop</a></dd> <dd><a id="ctl00_ctl30_lnkInternationalShop" accesskey="c" data-ga-capture="" data-ga-label="Intl Retailers link" data-ga-category="Chrome - footer" href="http://shop.geocaching.com/default/international-retailers/">International Retailers</a></dd> <a id="ctl00_ctl30_hlFacebook" title="Facebook" href="http://www.facebook.com/geocaching"></a> <a id="ctl00_ctl30_hlYouTube" title="YouTube" href="http://www.youtube.com/user/GoGeocaching"></a> <a id="ctl00_ctl30_hlInstagram" title="Instagram" href="http://instagram.com/geocaching/"></a> <a id="ctl00_ctl30_hlTwitter" title="Twitter" href="http://twitter.com/GoGeocaching"></a>

Now, most of them are links (<a> tags), which do not generate the warning. The one that does is:

Quote
<body background="http://img.geocaching.com/cache/f8648c3d-c232-467a-9142-65aa5adc746b.jpg" class="CacheDetailsPage">

I have no option to edit this link at the cache page. When following it, I get an HTTP 301 (moved permanently):

Quote
curl -vvv http:(slashslash)img.geocaching.com/cache/f8648c3d-c232-467a-9142-65aa5adc746b.jpg -o /dev/null
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 63.251.163.214...
* Connected to img.geocaching.com (63.251.163.214) port 80 (#0)
> GET /cache/f8648c3d-c232-467a-9142-65aa5adc746b.jpg HTTP/1.1
> Host: img.geocaching.com
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Cache-Control: private
< Location: https://s3.amazonaws.com/gs-geo-images/f8648c3d-c232-467a-9142-65aa5adc746b.jpg
...

(I had to do something to the URL to prevent auto-expand, thus the "(slashslash)")

If I try the same query with HTTPS instead of HTTP, I get exactly the same result.
My questions then are:

- Why are you still referring to this image by HTTP? It would seem that HTTPS would yield the exact same result with the added bonus of clearing the warning.
- Is there a reason to preserve the 301? You are using one level of indirection that can be avoided.

This is the most pressing part of this request. As long as this remains the case, geocaching.com is actively contributing to user alarm fatigue: https://en.wikipedia.org/wiki/Alarm_fatigue

I know that there are no security violations here, but that is not the point. The point is that inaction on this will lead to users being told once more to ignore a warning. Warnings like these should be either heeded or cleared and doing so is easy. Just add an "s" in the right place (or substitute "http://img.geocaching.com/cache/" with "https://s3.amazonaws.com/gs-geo-images/" if that is not somehow a problem).

The rest of the references (that do not contribute to the warning being generated, but are there nonetheless) can then be subdivided into four categories:

- Identifiers that aren't necessarily meant to be followed by a user agent (like the xmlns ones). Never mind those.
- Links to social media pages (like Facebook or Twitter)
- Links to map services (like OpenStreetMap or Bing)
- Links to other Groundspeak-owned sites (like Waymarking or shop.geocaching.com)

It would seem that most (if not all) of these support HTTPS as an alternative to HTTP and some even do 301 or 302 to the same path with HTTPS instead if you try the raw HTTP links. Is there any reason to keep referring to the HTTP-based versions of these links on your site?
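
The distinction drawn in the post above, between HTTP references a browser fetches while rendering (which raise the mixed content warning) and HTTP references that are only links or identifiers, can be checked mechanically. The following is an added example, not part of the original post or of geocaching.com's code; the attribute table is a simplified assumption rather than the browser's full rule set, and the sample markup is trimmed from the HTML quoted in the post.

```python
from html.parser import HTMLParser

# (tag, attribute) pairs whose URL the browser fetches while rendering.
# Simplified assumption: covers the common cases, not every fetch a browser makes.
SUBRESOURCE_ATTRS = {
    ("img", "src"), ("script", "src"), ("iframe", "src"), ("embed", "src"),
    ("audio", "src"), ("video", "src"), ("source", "src"), ("object", "data"),
    ("body", "background"),  # legacy attribute: the case found in the post
}
# <link href> is fetched only for some rel values.
LOADING_LINK_RELS = {"stylesheet", "icon", "manifest"}


class HttpReferenceScanner(HTMLParser):
    """Split http:// references into fetched subresources and everything else."""

    def __init__(self):
        super().__init__()
        self.mixed = []  # fetched over HTTP on page load: triggers the warning
        self.other = []  # links, metadata, namespace identifiers: no warning

    def handle_starttag(self, tag, attrs):
        attrs = [(name, value) for name, value in attrs if value]
        rels = set(dict(attrs).get("rel", "").lower().split())
        for name, value in attrs:
            if not value.lower().startswith("http://"):
                continue
            loads = (tag, name) in SUBRESOURCE_ATTRS or (
                tag == "link" and name == "href" and bool(rels & LOADING_LINK_RELS)
            )
            (self.mixed if loads else self.other).append((tag, name, value))


def scan(html):
    """Return (mixed, other) lists of (tag, attribute, url) tuples."""
    scanner = HttpReferenceScanner()
    scanner.feed(html)
    return scanner.mixed, scanner.other


# Sample input: lines trimmed from the markup quoted in the post.
SAMPLE = """
<meta id="ctl00_ogUrl" name="og:url" property="og:url" content="http://www.geocaching.com/" />
<body background="http://img.geocaching.com/cache/f8648c3d-c232-467a-9142-65aa5adc746b.jpg" class="CacheDetailsPage">
<a id="ctl00_ctl30_lnkUSAShop" href="http://shop.geocaching.com/">USA/Canada Shop</a>
<svg xmlns="http://www.w3.org/2000/svg" width="24px" height="14px"></svg>
"""

if __name__ == "__main__":
    mixed, other = scan(SAMPLE)
    for tag, attr, url in mixed:
        print(f"MIXED CONTENT  <{tag} {attr}>  {url}")
    for tag, attr, url in other:
        print(f"not fetched    <{tag} {attr}>  {url}")
```

On the sample, only the `<body background>` image is reported as mixed content; the `og:url` metadata, the shop link and the SVG namespace are listed separately.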

+Funky_Boris (Author)
Posted April 8, 2021

It has been almost 11 months and no reply. The problem is still present.

Respectfully: bump.