none
[SOLVED] Disable 'mixed content' security warning popup dialog box

    General discussion

  • 5/7/2011 13:28 lsz

    PROBLEM  

    Navigation through to an email by clicking on an email in the email list in Google Mail is interrupted by a security warning popup dialog box:

    ...............................................
    Security Warning

    Do you want to view only the webpage content that was delivered securely?
    (IE8) This webpage contains content that will not be delivered using a secure HTTPS connection, which could compromise the security of the entire webpage
    (IE7) This page contains both secure and nonsecure items. Do you want to display the non secure items

    More Info  Yes No
    ...............................................

    The 'More Info' button provides no clue as to what settings need to be changed in order to suppress this warning, nor information specific to the user's specific configuraton.

    Googling this issue shows it to be the "mixed content" problem with Internet Explorer.  The canonical solution -- to navigate to Tools | Internet Optionis | Security | Custom level and changing Miscellaneous | Display mixed content from 'Prompt' to 'Disable' -- does not work in this case. 

    Site on which the link is being attempted is connected via https and is listed specifically in "Trusted Sites", yet is not trusted ('trust' is evidently not transitive) (site is https://mail.google.com/mail/)  Only some email links exhibit this behavior.  mail.google.com has a valid security certificate.

    SOLUTION

    The solution here is a bit different than what I have seen in all other posts on this issue.  This solution calls for a change in a specific security zone.

    Apply the canonical solution above to the 'Local intranet' zone.  Applying it to 'Internet' or 'Trusted sites' zones has no effect.

    DISCUSSION

    This problem occurred when I attempted to view the Doonsbury Daily Alert email link 'list' in my Goole Mail list of email.

    There are four 'zones' in Internet options | Security: Internet, Local intranet, Trusted sites and Restricted sites. Even though Google Mail is identified as a trusted site and is accessed via SSL (https://mail.google.com/mail), the security prompt of 'mixed content' is not disabled by the setting in either 'Internet' or 'Trusted sites' zones.  Only by disabling it in 'Locsl intranet' does this work to disable this annoying popup. 

    Furthermore, this popup only occurs when the user chooses to navigate to the email via the control-left mouse click to open up a new window.  If the user simply left-clicks on the link to the email, the popup does not occur.

    To review: the 'mixed content' by default is set to 'prompt' (Miscellaneous | Display mixed content) in all the 'Internet', 'Intranet' and 'Trusted sites' zones. When the link to the email is attempted directly with left-mouse click, the email displays OK. When the link is attempted with a control-left mouse click to open a new windows, the popup security warning is displayed.

    When this 'mixed content' flag is set to 'Enable' in the 'Intranet' zone the security warning popup dialog box is finally suppressed.

    The workstation in question is on a LAN workgroup with three other workstations, accessing the internet through a router on the LAN.  This may have something to do with having to invoke the "Local intranet' zone, but why is certainly not clear.

    -- Roy Zider


    • Edited by FUBARinSFO2 Monday, April 09, 2012 8:05 PM typo correction
    Sunday, May 08, 2011 4:05 AM

All replies

  • Extremely helpful. Thanks a lot. Worked for me with the same problem.
    Monday, November 07, 2011 3:45 PM
  • Thank you, Michael.  Always nice to get an acknowledgment for solving one of these vexing problems.

    -- Roy Zider

    Tuesday, November 08, 2011 9:37 PM
  • It did not work for me, alas.

    I have wasted half the day trying to solve this problem.

    Half the webpages I've read propose the "canonical" solution - which does not work (for me).

    Your different solution prompted hope, but alas, failed also.

    I have Google's desktop search device installed.  The popup arises everytime I open a Google search results page by clicking on a search request in the desktop search module.

    According to some remarks I've seen, if the Google desktop search app is uninstalled, it solves the problem. But I don't want to uninstall it.

    I believe Microsoft has deliberately created this problem as a strike against Google.  Because I do *not* believe that a plain Google search results page (which I have accessed thousands and thousands of times over the years) is in any way even REMOTELY unsafe for my computer, as the vexing popup states.

    • Edited by John11234123 Thursday, December 01, 2011 5:30 PM fixed typos
    Thursday, December 01, 2011 5:29 PM
  • I found solution and this definitely worked for me try going into ie 8 options advanced rollback your ie settings to the default settings when it was installed after restarting IE 8 it stopped then go to (Miscellaneous | Display mixed content) and enable apply ok close hope this works. For you.
    Friday, February 10, 2012 12:02 AM
  • Well, rolling things back to when they were installed is OK if you don't have anything you want to preserve.  It gets you going.  But you lose all your settings, which is the point of the zones in the first place.

    Friday, February 10, 2012 5:59 AM
  • Thank you ... This worked for me ...
    Wednesday, April 04, 2012 10:00 PM
  • SOLVED] Disable 'mixed content' security warning popup dialog box
    Wednesday, April 04, 2012 10:03 PM
  • Great to hear that.
    Monday, April 09, 2012 8:06 PM
  • I tried it every which way. For a Sharepoint https site that includes some http content, none of this works. It still amazes me that Microsoft doesn't even try to offer a fix but just "replaces" their broken distributed products and abandons users - leaving them with the steaming pile of dog crap that IE is.
    Tuesday, January 29, 2013 1:27 AM
  • Hi,

    when asking a question in an internet related forum it is helpful if you include the address of any sites that you are having problems with for the MS Engineers and volunteers to have a look at to offer a reasonable answer....

    SharePoint sites are usually internal sites that should map to the IE Intranet Zone, not the Trusted sites zone. Either way you should contact your company's system administrators to resolve internal site issues or your hosting provider if your SharePoint server is hosted externally.

    they should be using protocol-less uri's for their resources for pages in folders accepting the https protocol.


    Rob^_^

    Tuesday, January 29, 2013 4:01 AM
  • Thanks for the reply but this is an Office 365 environment so administrative control is limited. Mixed content has been enabled/disabled for both intra and internet sites in IE8 settings with no effect. Nowhere have I set it to "prompt" which is what it insists on doing. So either the browser settings are worthless or Sharepoint is overriding them. Both are MSFT problems and neither option is acceptable - the user should have control over what they see not the browser or the program being used.
    Tuesday, January 29, 2013 6:09 AM
  • Good to know this was not only my problem...

    Yet another solution possible I would like to offer is to add you web site with a star at the beginning in the trusted sites and to remove the check-box of the "require server verification (https:) for all sites in this zone" . wibe site should be like: *.example.com and not https://example.com and you will be surprised to see that the mixed content warning disappears.

    Yoav

    Thursday, April 04, 2013 1:08 PM
  • Yoavc,

    Both things you suggest are pretty much a requirement of using Office 365's version of Sharepoint Online and were done long ago. Neither make any difference in this case. Thank you though.

    Thursday, April 04, 2013 1:19 PM
  • Thanks, this worked for me, I applied it to both internet and intranet custom levels.

    Wednesday, April 24, 2013 12:28 PM