Secure vs Not Secure browser warning for Cross-Site Content
Problem reported by Scarab - 7/24/2020 at 4:54 PM
Submitted
I honestly can't say when this started happening in SM webmail.

When you browse to an HTML based email that has external elements and click on [SHOW] (or if the user is set to "Show images from external websites") the secure session in your browser switches to "Not Secure". I can understand this. As you are retrieving elements from external sources the webmail session isn't necessarily secure because of cross-site content (GMail gets around the browser switching to a "Not Secure" session by proxying external elements).

The problem, however, is that even when you do switch to a different email that does not contain any external elements, or go to a different function, such as Calendar, or Contacts, your session is still showing as "Not Secure". A manual refresh of the webmail while you are on an email that does not contain external elements will result in the browser going back to showing it is secure, but this isn't done automatically via redirect or forced refresh. This leads to the webmail user believing that their entire session in webmail is not secure after viewing just one email with external elements.

I'm pretty certain this isn't Working As Intended nor has it always been like this.

1 Reply

Reply to Thread
0
Webio Replied
IMHO this is normal behavior in browser. Keep in mind that all actions are being handled by ajax calls so browser is not refreshing it's content and since not secure content was loaded it will show that something like that has happened until you refresh whole page.

Only solution for this kind of behavior is the way how GMail is handling it.x

Reply to Thread