Month: June 2016

Mixed Content in HuskyCT

HuskyCT and SSL

The HuskyCT application is deigned to run securely, utilizing SSL to encrypt data transmitted between your browser and the server(s).  A properly secured page uses the HTTPS protocol exclusively to reference external content (e.g. images, audio and video).

secure-lms-url

What is mixed content?

Since HuskyCT allows users to publish content, there will always be a potential for insecure items to be added.  Most often, this occurs when embedded images, audio or video are linked to the course from non-SSL pages.  When this occurs, the page is considered as having “mixed content“.  That is, content which is both secure and insecure.

Most modern browsers have built-in features which evaluate a pages level of security.  When it meets their standard, the browser displays a padlock in the address bar (as shown above).  Otherwise, the browser may issue a mixed content warning.  This warning is sometimes passive and not easily noticeable to the learner (see screenshots below).  Additionally, some browsers may prevent the insecure content items from displaying on the page.

Firefox, Chrome, Microsoft Edge and IE all block insecure content by default.  Safari is the only major browser which does not automatically block insecure content.

How does mixed content impact learner experience?

Depending on the context, it may be obvious to the learner that content has been blocked.

Example 1

Title: Week 1

Description: “This weeks lesson includes a video (below).  All students are required to watch the video in its entirety.  A short quiz will follow.”

mixed-content-no-video

In this example, the learner clearly expects a video clip on the page.  Unfortunately, our course builder embedded the video and mistakenly used “http://” rather than “https://” (setting is only visible to the course builder).  As a result, our browser has automatically blocked the video.

Of course, blocked content won’t always be this obvious…

Example 2

Title: Week 2

Description: (blank)

missing-video-example-2

Once again, our course builder embedded a video using a link to insecure resources.  The content has been blocked by the browser, yet the learner has no indication a video should be expected.  For this reason, we highly recommend course builder’s always include a textual description for any embedded content in their course.

How do I stop my browser from blocking mixed content?

Once our learner is aware content has been blocked, there are steps they can take to force their browser to display the hidden content.

Chrome

  • To temporarily display mixed content, click the shield icon located in the address bar (pictured below).  When prompted, choose to allow loading of non-secure items.

blocked-content-chrome

Firefox

  • To temporarily display mixed content, click the caution icon located in the address bar (pictured below).  When prompted, choose to allow loading of non-secure items.

blocked-content-ff

IE (10+)

  • To temporarily display mixed content, click the “Show all content” button, which is located at the bottom of the browser window (pictured below).

mixed-content-ie10-11

Microsoft Edge

  • To temporarily display mixed content, click the shield icon located in the address bar (pictured below). When prompted, choose to allow loading of non-secure items.

blocked-content-edge

To fully resolve the issue for all learners, course builder’s are strongly encouraged to update insecure URLs to use the HTTPS protocol.