How to fix a 403 forbidden response when Fiddler is open - browser

I am having issues trying to see the request made from my browser when I am navigating the site with Fiddler open (and the Decrypt HTTPS traffic option enabled). It seems that when I have Fiddler open I am receiving a 403 Response, but if I don't have Fiddler open (or the Decrypt HTTPS traffic disabled) I don't receive the same behavior. Could someone please explain to me what may be happening and/or other possible debugging routes I could look into?
I was hoping to be able to navigate through the site with C# code (eventually add items to my cart all through code).

Related

Getting Error 503 when sending request via heroku or any host not local

My Node.js server is supposed to send a GET request to a third-party website via https.get, but that website returns a 503 error, which is strange, because when I send the exact same request from my own device everything works as intended. Does anybody know what may be the cause of this problem, and how it can be fixed?
EDIT: The website uses CloudFlare, it might be related to the problem but still - it works in my device.
Checking if the site connection is
shahed4u.vip needs to review the security of
If you are using Cloudflare, it's just normal, because Cloudflare prevents access to bots.
Note: all computer programs making HTTP requests are bots; what Cloudflare considers "true clients" are browsers with a graphical instance, cookies, and algorithms (check this article on how Cloudflare detects "bots").

Allow non-ssl content from external websites in an HTTPS website under IIS

I recently put my website under SSL. I've been able to adapt the website so that most of the content is under SSL, but some data, like Twitter avatars, are on an http website, so I'm receiving warnings, at least in Chrome.
Is there a policy in IIS to enable fetching non-SSL data from pages outside the website's domain?
Does it depend on the browser, on the source code, or on server settings?
If you insert direct HTTP links, the browser will complain (and this is correct). One of the options is to cache the data on your server and send it as "own" links for the server.
I believe it will, but the browser will complain about unsecured links usually.

Do you want to view only the webpage content that was delivered securely? Security warning in IE, how can I fix through programming

IE is showing the following issue; how can I fix this through programming? Sorry for browser security fix
"Do you want to view only the webpage content that was delivered securely?
This webpage contains content that will not be delivered using a secure HTTPS connection, which could compromise the security of the entire webpages."
That's a warning that you're serving some content via HTTPS and some via HTTP. To avoid that warning, ensure that everything is being served via HTTPS.
Unfortunately without more details that's all the advice I can offer.

How to identify mixed content in https website

I've inherited an ASP.NET web site that has an SSL certificate bought via GoDaddy.
The problem is that the certificate seems to be invalid because of some "mixed content/resources" (I think that's how it's called) coming from http sites.
Chrome is showing the red cross over the lock next to https, meaning it's unsecured. The popup says the following:
Clicking on "What do these mean?" goes here, which says:
The [crossed-lock] icon appears when Google Chrome detects high-risk mixed content, such as JavaScript, on the page or when the site presents an invalid certificate.
The certificate is correct and valid because I tried creating a blank "Hi world" .aspx page and it's showing the green lock with no problems.
Reading a little bit, I found that I should only include images and JavaScript coming from https sites. The only thing it had coming from http was the addthis widget, but they support https, so I changed to https, but it's still saying that it is unsecured.
I've searched for anything else coming from http in the source, but didn't find anything.
Is there some way (site, chrome extension, firefox extension, whatever) that will show exactly which are the resources that are "unsecured"?
I've never dealt with SSL/HTTPS certificates, but I need to fix this issue asap.
Check your site at http://www.whynopadlock.com, which will give you a list of URLs which are not considered secure by your browser.
Check the Chrome console.
You will get it like this:
The page at https://xys displayed insecure content from http://asdasda.png.
Change the http site to https, then it will work.
I've found the problem using the Chrome Developer Tools. It was a js that's embedding a flash from a 3rd party site which is using http.
Are you on Windows? Download and run Fiddler while browsing the site, and watch for HTTP connections.
Mixed content means contents of a web page are mixed with HTTP and HTTPS links.
These links include your JS, CSS, Image, Video, Audio, Iframes etc.
If your website is enabled for HTTPS (an SSL certificate has been installed), make sure you serve only HTTPS content throughout your web page.

Cross-domain error

What is a cross-domain error?
It happens when JavaScript (most of the time) tries to access something which it shouldn't.
Such as if you try to read another domain's cookie, that won't work. If you try to do an XMLHTTP request to another domain or protocol (HTTP > HTTPS), that won't work. Because if you could do that, you could hijack or steal your visitors' sessions on other websites.
It's a security feature and now it's standard in all browsers.
As I understand it, client-side tools such as Silverlight (and maybe Flash/JavaScript) throw a cross-domain error when you attempt to make a connection to a server that is normally only allowed when it is made to the same domain that the page was served from (same origin policy).
A cross-domain error may be thrown when, for example, you are viewing a page on your test server when it is trying to call your live server, or when you are viewing a test page as a local file using a file:// protocol.
Try ensuring that the domain you are testing on is the same as that which the site was designed to be on. Note that Flash has the crossdomain.xml feature which specifically allows you to do cross-domain requests. JavaScript also has ways to get around same origin policy, but you should be aware of the implications of what you're doing.
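The comparison behind the cross-domain errors described above, as an added example that is not part of the original answers. It reduces each URL to its origin (scheme, host, port) and reports which components differ between the page and the request target; the function names and URLs are constructed for illustration, and anything that is not http or https (such as file://) is treated here as an opaque origin that matches nothing.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return the (scheme, host, port) tuple, or None for an opaque origin."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None  # file:, data: and similar schemes have no usable tuple
    # hostname is already lower-cased; fill in the scheme's default port
    return (scheme, parts.hostname, parts.port or DEFAULT_PORTS[scheme])


def explain_cross_origin(page_url, target_url):
    """Return [] when same-origin, otherwise the components that differ."""
    page, target = origin(page_url), origin(target_url)
    if page is None or target is None:
        return ["opaque origin"]
    names = ("scheme", "host", "port")
    return [n for n, p, t in zip(names, page, target) if p != t]


if __name__ == "__main__":
    # Constructed cases mirroring the situations in the answers above.
    cases = [
        ("https://www.example.com/page", "https://www.example.com:443/api"),
        ("http://www.example.com/", "https://www.example.com/"),
        ("https://test.example.com:8080/", "https://www.example.com/"),
        ("file:///C:/site/test.html", "https://www.example.com/"),
    ]
    for page, target in cases:
        diff = explain_cross_origin(page, target)
        print(page, "->", target, ":", diff or "same origin")
```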
