Friday, March 20, 2009

How to: Prevent the security dialog about unsecure items in IE

keywords: IE8, mixed, content, dialog, warning.

In my previous post about the new dialog in IE8 about mixed content, someone asked "How can I prevent this message from reappearing?", I thought it would be a good-to-have post and started writing this, but someone else already answered it (thanks Anonymous), in any case, here's what you need to do if you don't want to see that dialog:
tools>internet options>security>custom level>display mixed content: enable


Note that if the site you are visiting is NOT on the internet zone, you would have to make the changes to the appropiate zone:

here's how you tell which "zone" you are on, on the bottom right hand corner of the browser you should see something like this:


If you double click that, you can make changes to the other zones (Local Intranet, Trusted sites, restricted sites)



Just click the zone you want, and it will bring up the first dialog (from this post) where you can make the change.

This applies to IE8, IE7, IE6 (I don't know about older versions)

22 comments:

Adam Douglas said...

Worked like a charm. Thanks.

Anonymous said...

Thanks. This dialogue has been bugging the hell out of me since I changed to IE8. Microsoft are useless sometimes.............

melissa said...

life savor!

Brendan Cosgrove said...

I had added a site to "Trusted Sites" and made that change on that zone, but it didn't make the message go away until I changed the setting on the internet zone. The only reason I can figure is that some content was in the domain I specified in "Trusted Sites" and some wasn't.

Thanks.

BlackTigerX said...

that's a pretty good guess

Jon Hartman said...

Thanks, that's exactly what I needed. I was doing a CBT that was prompting me at every slide. It's now a MUCH more pleasurable learning experience. ;)

Lini said...

You're a God-send!!!!
Thanx again and I'll be back with other questions as it appears YOU are the ONLY computer genius that speaks Plain English! :)

BlackTigerX said...

glad the article was of help :), feel free to ask any questions

Michael J said...

OMG! Thank you. That message was driving me craaaazy.

Pamela said...

Thanks, that solved it but I wish I knew why it started happening. Oh well.
jmrpjb

Anonymous said...

It is all well and good recommending that users disable this "annoying" Microsoft feature but by doing so you are removing the security of HTTPS - an attacker is able to inject malicious content into web pages if they own the DNS server for instance. Whenever this message appears it is caused by sloppy web design - this is simply a bug in the web page that means you are at risk. In the medium term web site owners will now have to fix their dodgy sites and stop abusing the trust of users. There is nothing wrong with IE8 at all in these scenarios – in fact IE is protecting the user against sloppy web designers.

Anonymous said...

Thank you so much. It worked! And it was so easy.

User Advocate said...

To the Anonymous quote posted 3/10/2010... it's *partially* Microsoft's fault, because the way the message is presented (the way it's worded, etc.) is outside the norm for warning messages, and is extremely confusing even to users who actually read the damn message, let alone users who just do a quick 'scan' of the message (which MS should know is what 90% of users do). In the end, this "preventative measure" ends up being useless, because the way its implemented encourages people to bypass the safety altogether. Classic case of "security" vs. "usability". So, while I understand your point about sloppy web design, Microsoft does share a bit of the blame here for sloppy warning message/security options design.

User Advocate said...

@Anonymous from 3/10/2010... as much as the coders share blame for sloppy web design, so too does Microsoft share the blame for sloppy security warning message design.

Doug Falkenburg said...

As a web system designer, I have zero control over what users set the IE8 settings to. I can't find anything on my pages that use non-SSL content. So how can I avoid my users from getting this message. I can't avoid sloppy design if I don't know what is pissing off IE8.

BlackTigerX said...

use some tool, in the case of IE you can use Fiddler to find out all the items being downloaded and their locations

Anonymous said...

Funny... selecting the comment link presented the very message this thread is about..

Many times if you just select "No" on that dialog the page will load albeit sans the non-secure code..

I do have a problem with the typical response that blames websites for this problem and that IE8 is somehow superior. Why does this problem not occur in FireFox or Chrome? Crap like this and especially the lousy response from MSFT are driving users to those alternate browsers.

BlackTigerX said...

This problem does not occur in Firefox or Chrome because they just display the unsecure items, which is actually a security issue with those browsers, MS makes it "easy" (default) for you to chose the more secure way of displaying the pages, though, it is annoying, security does get in the way of usability

Tim said...

This solution does not work for me, I have enabled the mixed content in every zone setting, resarted ie, and my computer several times, put the website in my trusted sites list, taken it back out, put in again several times and still get this annoying ass message eveytime i go to the webpage and everytime I click a link on the page. Any suggestion as to a deeper solution?

The Prince of Frogs said...

Hey Tim,

I had the same problem as you.

How I solved it.

I had to go into Each and Every Zone by double clicking the Status Bar where the Internet zone shows. This opens the dialog window. I then clicked Enable Dispay mixed content. Then I clicked on EVERY OK and/or close to get out of the dialog.


Then I closed Internet Explorer. Then I restarted my computer.

When I went into IE after the restart and went to the site that was producing the obnoxious message, there was NO message.

I tried doing this by going into Tools, Internet Options, etc. and this did NOT seem to work on my computer. I run Windows XP Pro. IE 8.

Oh, I do most of my browsing in Opera, Firefox, then IE and then the worst one I use that is Gooble Chroime. I do have a few uses for Chrome. I tried Safari Apple. BAD. The stupid application KEEPS running after I close the Safari browser.

I Love Firefox and have used it for years but there are some sites that Opera works better for.

And for some Secure sites and some Government sites IE is the best choice. I have made a secure payment online in Firfox Only to have the browser freeze with the last step. It is a pain trying to figure out it the payment worked so I don't make a double payment.

I am an advanced user. Been doing internet since 1994. I used to almost re-program in Win 3.1 using dos. Dos is a very powerful tool even in Windows XP.

Anonymous said...

I don't buy UserAdvocate's argument. This is a lousy impleentation, because it requires users to enable mixed content *everywhere* (as described inlast post by "Prince of Frogs". Why does IE8 still give me this warning on sites inmy trusted list, when I have already enabled mixed content for the trusted zone?

Delmere said...

Might be a bad idea to display mixed content. It my case the source of the problem seems to be some adware was installed. So you should also scan for malware.