----- Original Message -----
From: "Jeremy Chadwick" <jdc@koitsu.org>
I know exactly what you mean when you say "mixed-mode security" (for readers: accessing a site using HTTPS, but the URLs referenced within that site (for things like CSS, images, etc.) might use HTTP).
But what I don't know is where you've seen this. As in a step-by-step for where you commonly see it. Even if it varies, just make an itemised list of steps (from the point you hit http://twitter.com/ to wherever you see the issue) where you commonly see it.
Generally, anywhere I go on twitter's site (since it's AJAX now, there really isn't anywhere you "go"), it's https and it's not crossed out, as Chrome does to indicate mixed-mode. As of tonight, I'm getting the "crossed-out https" indicator everywhere, even after a cache purge and a Ctrl-F5 reload.
I can try to reproduce it there if need be, and/or do some analysis with either Firebug's Network tab or Wireshark, but I need a good starting point! :-)
Remind me where Chrome identifies what's unsecure, and I'll go look it up.
Also, and I probably don't need to tell you this, but too much code on webservers (doesn't matter where (front or back-end)) behaves different based on HTTP User-Agent string. (I could write my own rant about this completely unnecessary approach, but I'll spare folks)
Sure. But this is "change in working environment, not apparently prompted by anything user-side". Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274