So, I have a selfhosted Ghost blog and there are a couple of odd behaviors
URL: https : //prusik.io/jubbaonjeans/
The cover image loads just fine in IE, but refuses to load in Chrome (for Windows and Android) or Firefox. Here's the code from the source:
<header class="main-header " style="background-image: url(/jubbaonjeans/content/images/2015/01/CoverForBlog-7.jpg)">
In addition, I have a script for Disqus comments. Similar behavior where it works in IE, but not Chrome or Firefox
URL: https://prusik.io/jubbaonjeans/mnrega-and-welfare/
I am using the instructions here (https :// help.disqus.com/customer/portal/articles/1454924-ghost-installation-instructions) to enable Disqus on my blog. (odd URL as I am only allowed 2 links in this post)
Finally, the Ghost image uploader (For cover image and post images) throws a weird error. I am still able to upload images, but the error remains. Again, works just fine in IE
Error: https://prusik.io/jubbaonjeans/content/images/2015/01/UploaderIssue.JPG
Also, I was a programmer at one point and now into InfoSec. My knowledge of CSS and HTML5 programming is basic.
Thanks in advance!
Related
I built my website with github-pages. (Jekyll)
It opened well in web browser like chorme (pc, mobile both), Internet Explorer or something else.
But, the problem is that it cannot be opened in Wechat App (Android, iOS both). My access region is South-Korea (not china, for your information about chinese regulation)
(I am newbie on wechat and I don't know anything about Chinese online regulation. But I am sure that my blog is not blocked because I can access that blog on QQ browser)
Detail information
Imgur Image - Send URL to someone
I send URL to someone as above image.
Imgur Image - No access
At first, It opened well. But second time clicking url again, It didn't open with weird sentence as above image.
Tips. https://aceshipping.github.io
For account security, do not enter any info related to WeChat password in the Internet.
Continue (button)
But, Continue Button doesn't work and also there is no private-related information required on my github page. (You know that there is no login feature available in github page)
Please help me. I need to open this on WeChat, without other browsers.
TL;DR: use a .com/net/org/cn domain.
As of 2020/04, WeChat blocks links by default for public hosts like GitHub and Netlify, redirecting the page to https://weixin110.qq.com/cgi-bin/mmspamsupport-bin/newredirectconfirmcgi?main_type=1&evil_type=100&source=2&url=<your link here>&scene=1&devicetype=android-28&exportkey=...&pass_ticket=...&wechat_real_lang=(en or zh_CN or something). This page is a normal redirection page indicating "非微信官方网页,请确认是否继续访问。" ("not a WeChat official web page, please confirm to continue browsing.") when the language of WeChat is Chinese (whether simplified or traditional), but on other languages it redirects to a link like https://qbview.url.cn/getResourceInfo?appid=62&url=<your link here>&openid=<your WeChat account identifier>&version=10000&doview=1&platformtype=700. This seems to be a removed Tencent service which serves the page with no JavaScript and reduced CSS ('safe browsing' / 'reader mode' as on redirection pages), which was removed on some date in 2019, now serving on a bad SSL certificate and returns only 400 (Bad Request). It seems that the Chinese version of the weixin110 page is changed while in other languages the link remains unchanged, which leads to a bad link.
The HTML markup of those pages are listed, if anyone is interested: en, zh_CN (The words in the brackets are translations added by me)
As of about a week ago, my website was working fine. Since Chrome version 54, I can't get it to load. The HTTPS request doesn't get any response and shows a status of "(canceled)". It loads just fine in Chromium, Firefox, Safari, and even Chrome 53. Chrome's developer tools don't give any helpful information - see the image.
Here is what it looks like in Chromium:
(You'll note that the second image shows the subdomain www. That's because, when the naked domain loads properly, it redirects to the subdomain.)
I tried modifying my server code (Node, Express) to print a message upon receipt of each request, and it doesn't even print when I visit the site in Chrome (54.0.2840.71 (64-bit)). It does print when I visit in Chromium (53.0.2785.143 (64-bit)).
I even tried using a different computer. Same thing - fails in Chrome, succeeds in Safari.
What could make it behave like this? I don't know where to begin troubleshooting this.
I don't really understand the behaviour, but I found a way to fix it in my app. I was using the NPM module spdy in place of Node's built-in https module to serve my app over https. Switching back to the built-in module solved the problem. (It's a simple change - the APIs are compatible.) I don't know whether spdy consistently has this issue in Chrome 54, but I've wasted too much time on this issue, so I will leave further investigation as an exercise for the archaeologist who next digs up this answer.
We got our SSL certificate yesterday . This I have now embedded and redirected the old address on the https page . Now our site is no longer displayed in Safari correctly. In Chrome and Firefox, however, everything is working properly. I'm at a loss on what to do.
Our page is: https://www.zweistein.design
As I do not have Safari running on my PC I cannot double check this, however opening the source code on Firefox revealed a HTML semantic error. You appear to have a DIV tag in your HEAD tag.
DIV is a "flow content" tag and should not appear inside your HEAD tag.
https://developer.mozilla.org/en/docs/Web/HTML/Element/head
https://developer.mozilla.org/en/docs/Web/HTML/Element/div
Again I cannot test this so I am not sure if this is what is causing your issue, but definitely worth correcting.
My website, sarkelliancreed.comule.com, is not loading . I have tried it in Firefox, Chrome, Opera, and IE, and none of them display it. It isn't a 404 error. Any ideas?
Your server seems to be online as I can load Javascript files from it, but it raises several errors related to requests to https://nikkomsgchannel
https://nikkomsgchannel/e?00690027005a00210036003600190026005d0054005900500…230058002b003700630020002a00470058000a0059002f002a005e002d002d002c002a0029
When I go to our web site through HTTPS mode, Chome is reporting an error saying that the page contains secure and not secure items. However, I used Firebug, Fiddler, and HttpDebuggerPro, all which are telling me that everything is going through HTTPS. Is this a bug in Chrome?
Sorry but I'm unable to give out the actual URL.
A bit late to the party here but I've been having issues recently and once I had found a http resource and changed it was still getting the red padlock symbol. When I closed the tab and opened a new one it changed to a green padlock so I guess Chrome caches this information for the lifetime of the tab
Current versions of Chrome will show the mixed content's URL in the error console. Hit CTRL+Shift+J and you'll see text like:
"The page at https://www.fiddler2.com/test/securepageinsecureimage.htm contains insecure content from http://www.fiddler2.com/Eric/images/me.jpg."
I was having the same issue: Chromium showing the non-secure static files, but when everything was http://.
Just closing the current tab and re-opening the page in another new tab worked, so I think this is a Chromium/Chrome bug.
Cheers,
Diogo
Using Chrome, if you open up the Developer Tools (View > Developer > Developer Tools) and bring up the Console and choose to filter to warnings, you'll see a list of offending URLs.
You'll see something like the following if you do have insecure content
The page at https://mysite/ displayed insecure content from http://insecureurl.
For the best experience in finding the culprit, you'll want to start your investigation in a new tab.
It is possible that a non-secure URL is referenced but not accessed (e.g. the codebase for a Flash <object>).
I ran into this problem when Jquery was being executing a a few seconds after page load which added a class containing a non-secure image background. Chrome must continually to check for any non-secure resources to be loaded.
See the code example below. If you had code like this, the green padlock is shown in Chrome for about 5 seconds until the deferred class is applied to the div.
setTimeout(function() {
$("#some-div").addClass("deferred")
}, 5000);
.deferred
{
background: url(http://not-secure.com/not-secure.jpg"
}
Check the source of the page for any external objects (scripts, stylesheets, images, objects) linked using http://... rather than https://... or a relative path. Change the links to use relative paths, or absolute paths without protocol, i.e. href="/path/to/file".
If all that if fine, it could be something included from Javascript. For example, the Google Analytics code uses document.write to add a new script to the page, but it has code to check for HTTPS in case the calling page is secure:
<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>
On the release of Chrome version 53 on Windows, Google has changed the trust indications to initiate the circle-i. Afterward, Google has announced a new warning message will be issued when a website is not using HTTPS.
From 2017 January Start, Popular web browser Chrome will begin
labeling HTTP sites as “Not Secure” [Which transmit passwords / ask
for credit card details]
If all your resources are indeed secure, then it is a bug. http://code.google.com/p/chromium/issues/detail?id=72015 . Luckily it was fixed.