We are attempting to use secured services with a legacy Silverlight application with data we are hosting in ArcGIS Online. All content on all sides of the application is set to HTTPS only and all necessary cross site scripting is set as well as CA certificates at the server and software levels but we get a popup upon loading the application that asks us if we want to "Accept Mixed Content".
Parsing out the insecure content yields that the application is seeking the following:
Our setup interface to the application is bullet simple. You paste the URL of your Map Service and Feature Service into a form and that's it.
Everything is set to https only and there are no URLS in the AGOL map or feature service JSON that are not https. Nowehere in our ArcGIS Online map or feature service do we make any reference to any services or sharing at the root of ArcGIS.com or using standard http: calls. All of our services are coming from https://services1.arcgis.com.
Nor are is the insecure content from www.arcgis.com requested when we open our ArcGIS Online map or feature services outside of Silverlight. Nor can we find a checkbox or button that would seem to enable/disable whatever this is. These calls seem to be coming out of nowhere
Strangely we don't get this error when we supply the same data from our GIS Server into the application. It is tied to ArcGIS Online.
Kind of driving us bonkers as the Silverlight application requires a secure connection to function properly. Anyone have any thoughts on where this problem is emanating from and how we fix it? We can't tell the end user to set the browser to accept mixed content. That is unacceptable in a secure application. Thanks.