Configuring your browser to allow mixed content
Content Manager Explorer and Experience Manager may fail to display non-secure content if they are themselves secure. The end user can allow the loading of secure content in this mixed-content scenario, but you can also configure the end user's browser to always allow mixed content. SDL does not recommend this as it compromises security for all secure sites with non-secure content.
About this task
If Experience Manager is a secure Web site accessed through the HTTPS protocol, Chrome, Firefox and Internet Explorer will block the Web page itself if that Web page is non-secure (HTTP protocol).
Similarly, a non-secure (HTTP) Custom Page in Content Manager Explorer will not be displayed by these browsers if Content Manager Explorer itself is secure (HTTPS).
Each of these browsers offers the user a way to allow the loading of the non-secure content, but the end user must continue to do so for every new session.
To overcome this problem, you may decide to configure your end user's browser to always allow mixed content. However, none of these browser offer a whitelist, that is, the option to allow mixed content for some Web sites, but not for others. In other words, configuring the end user's browser to allow mixed content is a security risk.
Procedure
In Google Chrome, ensure that the executable runs with the following command line switch:
--allow-running-insecure-content.-
In Mozilla Firefox, enter
about:configin the address bar to access the browser's configuration settings. Search for the string "mixed" to find the following settings, and set all of them tofalse:security.mixed_content.block_active_contentsecurity.mixed_content.block_display_contentsecurity.warn_viewing_mixed
In Internet Explorer, select and in the dialog that opens, select Security. Select Internet and select Custom Level. Scroll to the option called Display mixed content and change it from Prompt to Enable. Click OK and confirm that you want to change this setting. Then click OK to close Internet Options.