Loading javascript or css files from external URL giving Warning insecure content

Question

i am developing a gmail contextual gadget in this gadget there are some images.can any one please tell how to load images in contextual gadget.for example i am hosting my Method spec at http://cloudfactor9.appspot.com/first_app3.xml and there are http://cloudfactor9.appspot.com/assets/img/cflogo.png when in first_app3.xml i declare a

<img src="assets/img/man.png" class="man-image"><img>

it gives me 404 not found error.

when i declare img element in this way .its giving me warning

<img src="http://cloudfactor9.appspot.com/assets/img/man.png" class="man-image"><img>


Warning: The page at https://mail.google.com/mail/u/0/?ui=2&shva=1#inbox/140d95d0cccc60a5 displayed insecure content from http://cloudfactor9.appspot.com/assets/img/cflogo.png.

i want to get rid of this warning. what is the proper way of loading images ,javascript and stylesheets in google contextual gadget please guideline.

Answer 1

Your static content is served off of an insecure protocol (http) hence the warning. The proper approach would be to just include your static content be included with just the "protocol relative" URL. For example, you would do;

Answer 2

You have the "insecure content" problem described here (for Google Chrome, but it is the same for all major browsers). You should configure your application "cloudfactor9" to force secure connections on some (or all) of the URLs, as described here:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>profile</web-resource-name>
        <url-pattern>/profile/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

Then you can access your resources via HTTPS (https://cloudfactor9.appspot.com/assets/img/cflogo.png) from a page that is retrieved via HTTPS (like those at mail.google.com).