0

What are potential drawbacks of loading an external widget over HTTP when my website is accessible over HTTPS ?

<!-- https://www.example.com -->
<script src="http://www.external-source.com/widget.js"></script>

Are any warnings going to be displayed to the user? Any way to suppress them? Will this script be loaded in all times?

EDIT:

What happens when we load an external JS over HTTPS, but with non-commercial certificate? Will the warnings be shown?

Improve this question
3
  • 1
    It depends on the Browser settings. If you're really concerned about warnings being shown to the user, why not host the file yourself? Commented Sep 23, 2014 at 7:42
  • Can you tell me more? I cannot host it on my server because this file is dynamically generated. Commented Sep 23, 2014 at 7:44
  • See developer.mozilla.org/en-US/docs/Security/MixedContent/… for more info on the problem. As for the solution: i'd use Reverse Proxy. Commented Sep 23, 2014 at 7:50

1 Answer 1

Reset to default
1

Loading a script with plain (insecure) http inside a secure (https) site completely defeats the security of the site. Therefore most modern browsers will simply refuse to load the script without any warnings and without giving the user a way to enforce the loading.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.