Troubleshooting Insecure Content Warnings
When navigating Sugar, users may encounter warnings stating that a page contains insecure content. This article explains why they may see this message and what to do about it.
The following symptoms would manifest in an instance of Sugar hosted over HTTPS.
Note: If your instance is hosted in Sugar's cloud environment, it is hosted over an HTTPS connection.
- You receive a warning such as the following:
- Chrome (v. 19 or higher) - "This page has insecure content"
- Internet Explorer - "This page contains both secure and nonsecure items. Do you want to display the nonsecure items?" or "Do you want to view only the webpage content that was delivered securely? This webpage contains content that will not be delivered using a secure HTTPS connection, which could compromise the security of the entire webpage."
- Firefox (v. 23 or higher) - "Firefox has blocked content that isn't secure."
- Tabs on the detailview of certain modules are non-responsive unless you load the insecure content.
Users may experience symptoms for a variety of reasons depending on your Sugar version.
Sugar Versions 6.4.4 and Lower
For versions 6.4.4 and lower, this can be caused by the LinkedIn or Twitter connectors being enabled for specific modules. The connectors for those modules are set up to communicate over HTTP which results in the browser warnings. If your users are not utilizing these connectors, the simplest solution is to disable the connectors by going to Admin > Connectors > Enable Connectors. Drag the modules from the 'Enabled' to the 'Disabled' column under the LinkedIn and Twitter tabs and then click 'Save'.
Sugar Versions 6.4.5 to 6.5.4
Starting with version 6.4.5, the Twitter connector now communicates over HTTPS so the only connector that can cause this error is the LinkedIn connector. If you are using the LinkedIn connector, you may still receive these errors. You can opt to disable the connector by going to Admin > Connectors > Enable Connectors. Drag the modules from the 'Enabled' to the 'Disabled' column under the LinkedIn tabs and then click 'Save'.
Sugar Versions 6.5.5 and Higher
All connectors that ship with Sugar should no longer cause these warnings to appear in the application. If you are still receiving these notices, please check for any custom integrations that may be accessing content over HTTP.
Internet Explorer Users
Internet Explorer provides your users with the ability to add your Sugar site as a trusted site. In IE, go to Tools > Internet Options > Security > Trusted Sites. Then click the 'Sites' button and add the Sugar URL to the zone. Once that is completed, click the 'Custom' button from the Trusted Sites zone and locate the option for 'Display mixed content'. Change this setting to 'Enable' and click 'Ok'. Finally, restart the browser and you should no longer receive the prompt.
For users of Chrome versions 19+, when "Insecure Content" appears on a page, Chrome will show a shield icon to the right of the address bar. Clicking the shield icon will allow the user to load the problem content for the time being.
For users of Firefox versions 23+, when "Mixed Content" is detected on a page, Firefox will show a shield icon to the left of the address bar. Clicking on the icon will show options that allow you to "Learn More", "Keep Blocking", or "Disable Protection on This Page". Select "Disable Protection on This Page" to disable the "Mixed Content" warning. For more information, please refer to Firefox's Mixed Content Blocking Enabled in Firefox 23 page.
Last modified: 2018-03-16 18:26:38