Geek Answers Handbook

How can I get rid of the IE8 ssl warning "Do you want to view only the contents of a webpage that has been reliably delivered?" with scriptmanager?

The login page on our asp.net site uses https - while almost all of our other pages do not. On this login page, IE8 users receive the message "Do you want to view only the contents of the web page that has been reliably delivered?" message. Many users click "Yes" out of habit, which violates our login page. I know the problem is with the WebResource.axd and ScriptResource.axd script tags generated by the ScriptManager.

Ive tried every reference method of ScriptResource.axd / WebResource.axd - but no matter what I do, I get one IE8 warning - some examples:

<script src='https://www.mysite.org/ScriptResource.axd?123' type="text/javascript"></script> <script src=' /ScriptResource.axd?123' type="text/javascript"></script> <script src=' //www.mysite.org/ScriptResource.axd?123' type="text/javascript"></script> <script src=' ../ScriptResource.axd?123' type="text/javascript"></script>

Here is an example of a simple page without an axd script (without an IE8 prompt) and another page with the same markup and one axd script (issues an IE8 prompt) .

Thinking that there might be some weird redirection in iis for axd files - I even tried the response. axd request redirection to protect URLs in global.asax. Application_BeginRequest without effect.

Does anyone know how to include the ScriptResource.axd / WebResource.axd scripts generated by the script manager so that they do not run "Do you want to view only the contents of a webpage that has been reliably delivered?" Message IE8? Thanks!

+4
source share
4 answers

Looking at the traffic, something redirects https requests for ScriptResource.axd to the http equivalent. I do not know a single parameter specific to ScriptResourceHandler that would do this, and I know that we always use MS AJAX scripts over https without problems. I would try to temporarily remove the Application_BeginRequest handler, which you should see if it continues to redirect.

+4
source

You must also provide your scripts from an SSL encrypted server. VIA HTTPS. This is because some of the scripts come from non-SSL channels.

0
source

Use Fiddler2 to sniff a request that can give you more information about what is being sent in the browser and back to the server.

After looking at the page load for your login page, all * .axd files are called via SSL.

Also look at your cookies, you write / read cookies on the login page. This can certainly trigger a pop-up message in IE8 (and therefore FF 3.67 on my machine).

This is the best advice I can give regarding where to look.

Hope this helps.

0
source

Not sure if you viewed this page. It talks about using Fiddler to fix the problem (scroll down to the end).

Work with mixed content Internet Explorer 8

0
source

More articles:


All Articles