Hi, I'm debugging an https page with httpFox, looking for insecure content. There's only one insecure request on the entire page, but I can't tell what it is for?
httpFox is flagging this request...it's the only "http" request on the page (the rest are "https"):
00:00:57.444 0.378 970 113575 GET 200 text/html (NS_IMAGELIB_ERROR_NO_DECODER) http://[thebaseURL]/
where the "thebaseURL" is the just the root domain without anything after it (no subpath or file request)
Is there something in the response header that would be the problem? when I click on the line above, I see the response header includes to "set-coookie" for two cookies...would setting a cookie without the secure flag being set cause the problem?
I was able to identify the problem by cutting and pasting the raw HTML source of the page into a new page (copying chunks of HTML code one by one) and testing for when the SSL-certificate-validation broke.
It turns out that there was a broken image path for a 1x1-pixel shim gif. Once I corrected the image path, the page displayed correctly (no "insecure content" error).
It's curious that a missing image would cause the browser to display the "page contains a mixture of secure and insecure content" error, but hopefully this will help someone else in the future.