For a while now, both Internet Explorer (IE) and Chrome have been blocking “mixed content.” In the last few weeks, the most recent Firefox release (Firefox 23) has also begun doing so. So, what is mixed content and why should you care?
When your web browser connects to any webpage, the webpage is sent to you by another computer called a server. Your web browser and the server know how to connect by way of a set of digital rules, or a “protocol.” There are two types of protocols your web browser can connect through:
- HyperText Transfer Protocol (HTTP) or
- HyperText Transfer Protocol Secure (HTTPS)
Secure webpages start with https in their URLs. These sites have their connections to the webservers encrypted, making the information shared on them more secure from sniffers and man-in-the-middle attacks–in other words, from people who are up to no good. Sounds good, right? When you are making a purchase online, accessing your bank account, or taking an online class, you want your data to be secure. So what then is the problem?
The problem comes in when you have pages with mixed content. An example would be a secure website (URL starts with https) that also includes links to unsecured content or plain http links. On paper this makes sense. Of course you want your experience on the web to be secure. If you are on your banking site or making a purchase, the whole site should be secure. But what if you are taking an online class? While you certainly want the course site itself to be secure, what if your instructor wants you to read a policy document on http://www.whitehouse.gov/ or view a video at http://www.pbs.org/? This is where the problem comes in. Mixed content has now been added to your course as neither of these web addresses are secure (note the http at the beginning?), and your browser views these sites as potentially malicious and blocks them.
So what? Well, it’s not so much the “what” as it is the “how.”
The biggest “how” issue is that both Firefox and Chrome have chosen to block the content in a manner that prevents “pop-up warning fatigue”. In other words, the only indicator that something is blocked is the addition of a small “shield” icon in the browser’s address bar (because we all pay attention to that bar when we are browsing.) The icon appears:
The user must recognize the icon has appeared and click it to unblock and allow the “unsecure” content to be displayed. IE’s warning is only a little more obvious in that a small widget appears at the bottom of the page warning you that content is being blocked.
What does this mean for you? It means that as instructors you will need to educate your students about which links in your course may trigger these mixed content warnings. As a student, you will need to watch that address bar for those pesky shield icons to be sure you are seeing all the materials your instructor intended for you to see! More information about how to unblock content in your course can be found inside your D2L course. Click the FAQ link in the upper right-hand corner after logging into D2L.