An image of a flag made our Travel website lose HTTPS status – Computicket

gregmcc

Honorary Master
Joined
Jun 29, 2006
Messages
24,501
The company said that after a site build, an image used next to the input of the traveller’s telephone number – a country flag – was not secure, causing the site to “no longer be HTTPS”.


Smell that.....smells like complete BS to me!

How can a http link to a flag cause the whole site to not be https?!
 

Kosmik

Honorary Master
Joined
Sep 21, 2007
Messages
23,708
Smell that.....smells like complete BS to me!

How can a http link to a flag cause the whole site to not be https?!

Could be Chrome being finicky that the element is not under the same certificate umbrella, i.e., the image is actually ref'ed to another server that is NOT secured via https. So the browser sees split paths as well as one server either not being http secured or secured with a different cert.
 

eye_suc

Expert Member
Joined
Feb 14, 2005
Messages
4,168
Smell that.....smells like complete BS to me!

How can a http link to a flag cause the whole site to not be https?!
Mixed content:

https://developers.google.com/web/fundamentals/security/prevent-mixed-content/what-is-mixed-content
Mixed content occurs when initial HTML is loaded over a secure HTTPS connection, but other resources (such as images, videos, stylesheets, scripts) are loaded over an insecure HTTP connection.

Quite an annoying issue.
 

Chris.Geerdts

Expert Member
Joined
Nov 1, 2014
Messages
2,225
Computicket ... assured customers “that no access into any of its databases was gained, nor any systems exposed due to the insecure link”

Computicket clearly doesn't have an adequate grasp on the security impact of this. They wouldn't know if the CVV was intercepted or not. Also, moving to a 3D secure site would not mitigate interception of open text.
 

Milano

Honorary Master
Joined
Feb 7, 2004
Messages
16,752
Computicket clearly doesn't have an adequate grasp on the security impact of this. They wouldn't know if the CVV was intercepted or not. Also, moving to a 3D secure site would not mitigate interception of open text.

How do you arrive at this conclusion?
 