How do I get rid of the IE8 ssl warning message "Do you want to view only the webpage content that was delivered securely?” with ScriptManager?_问答_开发者

How do I get rid of the IE8 ssl warning message "Do you want to view only the webpage content that was delivered securely?” with ScriptManager?

开发者 https://www.devze.com 2023-01-08 22:19 出处：网络

A login page on our asp.net website uses https – while almost all of our other pages do not. On this login page, IE8 users receive the “Do you want to view only the webpage content that was delivered securely?” message. Many users press “Yes” out of habit which breaks our login page. I know the problem stems from the WebResource.axd and ScriptResource.axd script tags generated by ScriptManager.

I’ve tried every method of referencing ScriptResource.axd/WebResource.axd – but no matter what I do I get the same IE8 warning – some examples:

<script src='https://www.mysite.org/ScriptResource.axd?123' type="text/javascript"></script>
<script src=' /ScriptResource.axd?123' type="text/javascript"></script> 
<script src=' //www.mysite.org/ScriptResource.axd?123' type="text/javascript"></script>
<script src=' ../ScriptResource.axd?123' type="text/javascript"></script>

Here is an example of a simple page with no axd script (no IE8 prompt) and another page with the same markup and a single axd script (produces the IE8 prompt).

Thinking there might be some strange redirection in iis for axd files - I’ve even tried response.redirecting axd requests to secure urls in global.asax. Application_BeginRequest with no effect.

Does anyone know of a way to include the ScriptResource.axd/WebResource.axd scripts generated by script manager in a manner that does not trigger the "Do you want to view only the webpage content that was delivered securely?” IE8 mess开发者_运维百科age? Thanks!

Looking at the traffic, something is redirecting https requests for ScriptResource.axd to the http equivalent. I'm not aware of any setting specific to ScriptResourceHandler that would do this, and I do know that we use MS AJAX scripts all the time over https without issue. I would try temporarily removing any Application_BeginRequest handler you have to see if it continues to redirect.

You have to deliver your scripts from an SSL encrypted server as well. VIA HTTPS. This occurs because some of the scripts are coming from non SSL channels.

Use Fiddler2 to sniff the request that might give you more insight on what is being passed back and forth from the browser to the server.

Looking at the page load for your log in page all *.axd files are called over SSL.

Also have a look at your cookies are you writing/reading any cookies on the log in page. This can certainly cause the pop up message in both IE8 (and consequently FF 3.67 on my machine).

That's the best advice I can give as to where to look.

Hope it helps.

Not sure if you have looked at this page. It talks about using Fiddler to troubleshoot the issue (scroll down towards the end).

Internet Explorer 8 Mixed Content Handling