The present invention relates to World Wide Web (WWW or “web”) browser software security and web applications, and more specifically, to a method of determining Hypertext Transfer Protocol (HTTP or http) process information.
Some web pages and web content are identified by the prefix, “http”, in the Uniform Resource Locator (URL) or web address, indicative of a web site that implements the http. Secure Socket Layer (SSL) and its related protocols are often used to enable encrypted communications between a client computer system and a web server. SSL web pages and web content are identified by the prefix, “https”, in the web address, indicative of a web site that implements the Hypertext Transfer Protocol Secure (HTTPS or https). These web sites, including their web pages, web applications, and other web content, are considered to be secure because of encryption, compared to http web sites, which may be considered to be unsecure. However, some SSL web pages may contain “mixed content”, i.e., both https and http web content.
Modern web browser software products detect http web content within an https web page and display a “popup” message or prompt to a computer user to either accept the http web content or display only the https web content. This feature can be disabled by the user in web browser software security settings; however, doing so allows the web browser software to display or otherwise provide http web content to a user viewing the https web page.
In general, detection of mixed content is good practice, as maliciously delivered http web content inserted into the Document Object Model (DOM) tree can gain access to the https web content on the web page. For example, web applications that serve http web content with https web content are at risk of having their http web content replaced with malicious content through Domain Name Server (DNS) poisoning.
Despite risks associated with http web content, it may be desirable to include http web content, or participate in some kind of http communication from within an https web application. For example, it may be desirable for an https web application running on a client computer to know the status or availability of one or more running http processes on the client computer. However, execution of http commands by the https web application to determine status information may result in a secure/unsecure “mixed content” prompt from the client web browser software.
Therefore, it would be desirable to determine http process information from within an https web application non-obtrusively, i.e., without resulting in a secure/insecure mixed content prompt from the client web browser software.