Oct 1, 2017: Switch to https://

On October 1, 2017 we will be forwarding all http:// requests to their https:// equivalent. Serving over HTTPS is now increasingly viewed as a best practice for user privacy and security. Starting later in October, the Google Chrome browser will label pages with a "Not secure" warning in the address bar when users enter data on an HTTP page. This will impact all UNLedu Framework pages (and hence all UNLcms pages) since the UNL site search bar is in the header of every page.

What You Need to Do

tl;dr

Make sure that any Javascript file references or iframe embeds use https:// in their URLs.

While your pages will now be served over HTTPS, they can include other assests such as images and Javascript files that are included over HTTP. This is called mixed content. While most users should be able to view passive mixed content (such as images) they will now be blocked from viewing active mixed content (Javascript included in separate files, <iframe> embeds).

Below are UNL related examples of a more complete guide to fixing mixed content from Google.

What you want to see:

screenshot showing the green secure padlock in the Google Chrome browser address bar

What you see if you have mixed content:

screenshot of google chrome browser showing a gray information icon indicating mixed content

In the second example with the gray "i" icon, the page includes an image that is referenced with an HTTP address: <img src="http://parking.unl.edu/images/zip_logo_tag.svg" alt="zipcar logo" />

If the file is on the same site, you can remove the domain entirely like so: <img src="images/zip_logo_tag.svg" alt="zipcar logo" />

If the file is on another site, often the HTTPS version of the content already exists and this just requires adding an "s" to the URL - http:// to https://.

Finding the Specific Problem

The specific problem can be found by right clicking on the page, selecting "Inspect", then selecting "Console" in the panel that opens:

screenshot showing the Inspect item when you right click on the page

Also, Web Audit reports run after September 12 now include a Security section that will highlight these files.

Need More Help?

Ask a question in the WDN chat room!