author: Krasimir Tsonev

Hi there, I'm . Senior front-end engineer with over 13 years of experience. I write, speak and occasionally code stuff. Follow me on Twitter, GitHub, Facebook or LinkedIn

\"This page contains both secure and non secure items\" message

When you are opening a site via https protocol and there are items loaded with absolute addresses started with http some browsers, like IE, throw a message This page contains both secure and non-secure items. It is really annoying and if the user decides to can prevent these items of showing and he can brake the whole layout or some functionality.
I had a similar problem and the first thing that I did was to check the whole page for external resources like images, css, js, and swf files. In my case everything was ok and I found that the problem is in the Facebook's stuff that was included in the page. The problem comes from a FeatureLoader.js.php file, which loads another library with http instead of https protocol. I solved the problem by creating a simple php file that wrappes the facebook's code.
header("Content-type: text/javascript");
    $url = "http://static.ak.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php";
    [ ^ ] $content = file_get_contents($url);
    $content = str_replace("http:", "https:", $content);
    die($content);
If you enjoy this post, share it on Twitter, Facebook or LinkedIn. Or maybe comment below: