What Do I Do If There is a Protocol Conflict? 

Question

Within an SSL connection, the browser displays an error message (safety information) saying that the page concerned contains both secure and insecure objects and asks whether the user wants to display the objects that are not secure.

This is a problem with URL generation in the application: absolute URLs are generated with the (incorrect) HTTP protocol instead of HTTPS.  The usual browser configuration causes the browser to display a warning with an http:// request whenever HTTPS is active.

Answer

Determine where absolute URLs are generated in the application. You can find this out using HTTP logging (see Logging in the ICM). Ensure that more absolute URLs are not generated.

For example, absolute URLs are generated with a mail page with which a message is sent to a selected recipient from a list. The BSP mail.htm is used for this, to which all selected rows as transferred as parameters. The e-mail address is determined for each selected row and the mail message is generated using JavaScript.

Note that in the coding, instead of window.location = 'mailto:...', the statement window.open( 'mailto:...') is used.

SAP recommends that you do not use fully specified URLs, that is, do not use URLs with information about the protocol, host name, domain details and port.
Only use absolute or relative URLs instead, such as /sap/something/or/another oder ../another. In this way the URL is fetched in the protocol that is currently active and will function correctly both for HTTP and HTTPS.