Mixed Content Examples
The pages […] allow you to see different types of mixed content and test how they behave in your browser. The "Secure" pages are referencing assets with HTTPS, the "Non-Secure" pages are referencing them with HTTP. Generally, you'll observe the same behavior with both Secure pages and the Secure HTTP page for a given test; the behavior will change on the Non-Secure HTTPS page.
Also see Testing HTTPS with badssl.com.
Related cards:
Firefox: Inspecting mixed content warnings (and how to enable them)
Having your site run on SSL is worthless when you include content over an unsafe connection (HTTP).
Here is how to hunt down mixed content with Firefox.
How to enable mixed content alerts
If your Firefox does not warn you about mixed content ...
Firefox >= 23 will block mixed content when using SSL
Non-SSL contents on SSL pages are blocked by default
Bug 834836 – Turn on pref to block mixed active content
Firefox 18 introduced preferences to block loading contents from non-SSL (http) sites on SSL (https) pages. One of those prefe...
Talk: Content Security Policy: An Introduction
Basic idea
CSP aims to provide a browser-side mechanism that prevents some attacks on websites, mainly XSS attacks.
Aside: What is XSS?
XSS = Cross Site Scripting. It happens when a user's unfiltered ...
How to use different encodings for text in HTTP headers
In order to use different encodings than ASCII for HTTP headers use the following syntax:
Header-Key: Header-Value; Parameter-Name*=utf-8''parameter_value_in_utf8_and_encoded_chars
Concrete example how to use an utf8 encoded filename for fil...
Preventing users from uploading malicious content
When you allow file uploads in your app, a user might upload content that hurts other users.
Our primary concern here is users uploading .html or .svg files that can run JavaScript and [possibly hijack another user's session](#section-att...
AngularJS: How to force Content-Type on GET and DELETE requests
While you usually do not need a Content-Type on GET requests (which have a blank body), an external API may still force you to send one.
Angular's $http service will [strip that header](https://github.com/angular/angular.js/blob/7c0731edb2f72bd...
When loading Yaml contents in Ruby, use the :freeze argument to deep-freeze everything
Ruby methods which load from a Yaml file, like YAML.safe_load or YAML.safe_load_file, support passing freeze: true to deep-freeze the entire contents from the Yaml file.
This is available by default on Ruby 3.0 and newer. On older Rubies, yo...
CSS: Set content from other attributes
You can use the content CSS attribute to set an element's content -- which is especially useful for the :before and :after pseudo elements:
a:before {
content: 'Click me: ';
}
The above example would prepend "Click me:" t...
Rails migration: Changing a column type without losing the content
The change_column method for Rails migrations supports casting with a custom SQL statement. This allows us to change a column type and keep the former content as the new type. This way, we can for example prepare an address number column to hold ...
RSpec: Running examples by name (or running a single shared example)
When an RSpec example fails, I usually investigate by running that example again using rspec <file:line>. However, this does not work with shared examples, since RSpec doesn't know in which context the shared example should be run.
But there is...