Why am I seeing "Mixed Content" warning messages when using Connect in Chrome?


When using Connect 3.6.0-3.6.1 with Google Chrome, you may encounter the following messages in your Javascript console:

Mixed Content: The page at 'https://yourhost.com/appsdirectory/myapp.html' was loaded over HTTPS, 
but requested an insecure plugin data ''. This content
should also be served over HTTPS.

 For example:


These messages will continue to repeat within the console during your use of the Connect application, but they do not indicate an error in functionality or any real security risk. These messages appear uniquely as a result of certain Chrome browser idiosyncrasies.


  • Product: Connect browser plugin
  • Version: 3.6.0, 3.6.1
  • Browser: Google Chrome

Update to 3.6.5+

Connect 3.6.5 and above no longer causes these messages to be displayed in Chrome. For this reason, you should upgrade to the latest version of Connect, which you can do at the Aspera downloads site.

Explanation of messages

Connect relies on the new PPAPI technology introduced by Google as a replacement to NPAPI. PPAPI is used as a communication channel between Javascript code and the Connect application, which runs in a sandbox environment. The only data that passes between the Javascript code and Connect is specific to setting up Aspera transfers. This data consists of transfer specifications (information used to start a transfer such as rate policy and the remote host of the transfer) which are already visible in your log files. No other information can be passed through this channel.

Chrome flags these communications in the console window as insecure, because in Connect 3.6.0 and 3.6.1 they are sent over HTTP. However, since there are no malicious actions that can be performed with this data or as a result of this HTTP request, these messages can be safely ignored.

Connect 3.6.5 and above makes this communication over HTTPS, and so these messages are no longer displayed.

Powered by Zendesk