2 Replies Latest reply: Jan 10, 2014 2:36 PM by sancho_p
AppleJason Level 1 Level 1 (10 points)

I have a site when using https: safari is hiding the fact.  I thought Apple brought back the ability to show whether or not you're on http or https?

 

With some sites, I do see the lock, and with other sites, I do NOT see the lock. 

 

Here is an example of what I do NOT see:

https://www.dropbox.com/s/9oi8ips9431z2ey/Screenshot%202014-01-10%2013.02.00.png 

 

From what I've learned, it's possible there is insecure content on an otherwise https: secure site, so apple drops the padlock for such a page... is this correct?

 

If I go to Chrome, and display the same exact site, it shows https:// though... so I know I'm on SSL... but why doesn't apple show this?

 

Thanks!

Jason


MacBook Air, OS X Mountain Lion (10.8.3), 2012 Model (1.8ghz i7)
  • Linc Davis Level 10 Level 10 (155,765 points)

    From the Safari menu bar, select

            

    Safari Preferences Extensions

         

    Turn all extensions OFF and test. If the problem is resolved, turn extensions back ON and then disable them one or a few at a time until you find the culprit.

     

    If you wish, you may be able to salvage the errant extension by uninstalling and reinstalling it. Its settings will revert to their defaults. If the extension still causes a problem, remove it permanently or refer to its developer for support.

  • sancho_p Level 1 Level 1 (5 points)

    I’m not sure if I understood Jason’s concern, please apologize when I’m OT here.

     

    Instead of ”hides https” I’d say:

    Sometimes Safari 7 is silently ignoring https (or forgetting what I was asking for).

     

    There is a different behavior in Safari 7.0.1 / Mavericks, compared to 5.1.10 (on my old Mac’s 10.6.8).

    The site https://www.gmx.com (a webmail provider) in Safari 5.1.10 (SL) will always open in https, with or w/o my extensions (Adblock and ClickToFlash) or JavaScript enabled/disabled.

     

    In contrast, Safari 7.0.1 (10.9.1) will silently and without any warning go down to http connection, regardless of (same) extensions or JS settings.

    So you have a “secure address / bookmark” but then your log in will be plain.

     

    To increase confusion, same page “reloaded” will very often result in https connection, but a freshly started (or reset) Safari will never. In case of “https” (after the reload) another click at my bookmark will briefly take me to https but then indicate to be http only, again, no warning.

     

    Firefox 26 will always come up with https at my example page, with or w/o “HTTPS-Everywhere”, but giving a warning regarding mixed content (yes, the site also contains“insecure” content).

     

    Is it “https” when the lock isn’t there?

    Is it a bug or feature in Safari 7 only?

    Is it possible to “force” Safari 7 to use https?

     

    Thanks for reading!