BlueConic recommends using the Chrome Browser for developing and testing BlueConic applications.
When you open a website within BlueConic (e.g. in the Dialogues editor or in the BlueConic Simulator) you might trigger a Chrome browser security warning against opening HTTP content in an HTTPS browser window. In most cases, BlueConic detects this and instructs you to allow the viewing of mixed content.
How to allow Chrome to display insecure HTTP content
We recommend you use the Chrome browser for developing and testing in BlueConic. Follow these steps to enable Chrome to display HTTP content in BlueConic.
- At the top of your Chrome browser window, click the lock icon to the left of the URL.
- Select Site settings.
- At the bottom of the Settings page, under Permissions, select Allow for Insecure Content.
- Return to the browser tab containing BlueConic and click to reload the browser.
Your browser displays a red "Not Secure" alert noting that HTTP content is being displayed within an HTTPS page.
What causes this warning to occur?
BlueConic runs in secure mode (HTTPS) by default. Because BlueConic potentially can deal with sensitive data (such as data from your customers or visitors), the BlueConic server can only be reached via a secure connection, to make sure that all traffic to and from the server is encrypted and secured.
The warning in BlueConic occurs when you try to open a website that does not support HTTPS secure mode and is available only in HTTP mode.
When you try to open a nonsecure (HTTP) element within the HTTPS environment, your browser considers this as a potential security risk, and will not automatically open these http elements, unless you explicitly allow your browser to do so.
To prevent this message from occurring, BlueConic will first try to access the site via HTTPS, but if this is not available, or if some elements on your site are not available through HTTPS, you will get this warning.
What risk do I take, when I allow my browser to continue?
The actual risk is not any different than if you opened this site in a separate tab or in a separate browser outside BlueConic. In those cases you would not get any warnings at all. So there is absolutely no extra security risk when you proceed to load the HTTP-site.
BlueConic only interacts on the page locally via the BlueConic script. Everything that is on the pages that you load can not make any connection back to BlueConic. This means that there is no risk that BlueConic data could be accessed by insecure elements on external websites that you are viewing in the inline editor, the visual picker, or the simulator.
Do I need to allow this every time?
Changing the browser settings to enable Chrome to display insecure HTTP content on HTTPS pages affects Chrome's display for the current BlueConic user, for the current URL (visible at the top of the Site Settings window in Chrome), on the current device.