Announcement

Collapse
No announcement yet.

Secure Content

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Secure Content

    I have just re-instated ssl in my checkout pages, as are going to be changing my psp and the new one requests it, even though we will not be handling any payment details. I would like to be able to stop the pop-up message asking whether we want to allow insecure content. When I no, the page loads, and nothing seems to be missing.

    I have tried adding s to http in the Google Adwords code. Is this the correct thing to do, and what else may need changing? I don't think I can change anything that also appears on non-secure pages.

    Sarah

    #2
    What's the site URL? It's easiest to just take a look and see what needs changing.

    Mike
    -----------------------------------------

    First Tackle - Fly Fishing and Game Angling

    -----------------------------------------

    Comment


      #3
      Hi Mike

      It is www.avidlite.co.uk. I have ssl on the Checkout and Login pages. Thanks.

      Sarah

      Comment


        #4
        Checked for insecure content

        I have gone on www.whynopadlock.com and had my checkout pages checked for insecure content. It found none, and I got green ticks for everything. So why do you think I am still getting the pop-up box?

        Sarah

        Comment


          #5
          Different browsers

          I get a pop-up box in the middle of the screen in my IE8 (can't have later as XP). However, in Chrome and in Firefox nothing pops up. In IE11 on a computer with Windows 7 it comes up as a pop-up line near the bottom of the screen and is not quite as obtrusive as in IE8. As nothing appears to be insecure, I think I am going to have to just accept this, though a bit annoying.

          Sarah

          Comment


            #6
            Insecure content warning occurs if you have a http source on the https page such as an image or Javascript. You've got a Statcounter Javascript at the bottom of your layout. According to their knowledge base they have https code for upgraded accounts see here. You can specify blockifs in the layout to show different code to different pages, i.e change to https code for login and checkout pages.
            Peblaco

            Comment


              #7
              It could be your statcounter script. That's not using https.

              Mike
              -----------------------------------------

              First Tackle - Fly Fishing and Game Angling

              -----------------------------------------

              Comment


                #8
                I have just made my football trophies website all SSL to trial the recent Google SERPS news.

                The green padlock is present on all the pages apart from the section pages with active filters. Looking into the http and https it looks to be fine on the page. I am wondering about the filter scripts.
                Quality engraved Sports Awards, Golf Trophies and Football Trophies in 3 -7 days.

                Comment


                  #9
                  It does seem to be the filters that are causing the security warning in chrome, explorer is fine after changing all http references to https.
                  Quality engraved Sports Awards, Golf Trophies and Football Trophies in 3 -7 days.

                  Comment


                    #10
                    Sorted Thanks

                    I have updated the Statcounter code on my website, the default code that they give, and the secure pop-up warning no longer pops up. I didn't need to make any changes to any code, just the most recent code rather than several years old.

                    Thanks.

                    Sarah

                    Comment


                      #11
                      Hi,

                      I am getting the same sort of issue on my site. Looking on Chrome at your website with Tools> Developer Tools then rather than a green padlock I am getting the ssl alert icon.

                      alert iconyellow https The site uses SSL, but Google Chrome has detected insecure content on the page.Be careful if you're entering sensitive information on this page. Insecure content can provide a loophole for someone to change the look of the page.

                      Reading the developer tools it suggests the problem lies at
                      The page at 'https://www.avidlite.co.uk/cgi-bin/os000001.pl' was loaded over HTTPS, but is submitting data to an insecure location at 'http://www.avidlite.co.uk/cgi-bin/ss000001.pl': this content should also be submitted over HTTPS.

                      I am getting exact same thing but with my domain.

                      David
                      David Sewell
                      The Cotton Patch
                      http://www.cottonpatch.co.uk
                      http://www.rotarycuttershop.co.uk

                      Comment


                        #12
                        Our sites used to have a "everything secure" padlock during checkout,
                        but since moving up from v10 to v12 2013, the padlock has changed to a "not-so-secure" padlock.

                        I've tried checking on the "Sellerdeck 2013 Example Sites" and found the two that were https:// also had the same not-so-secure padlock. Surprisingly, most sites on those examples had checkout pages not https...

                        See attached images.

                        We sometimes have a person call (maybe once every few months) and say our site is not secure, but it's normally due to their PC's high security settings, but we might expect more now...

                        I had a quick search and found this thread, but can't see if this was ever resolved.

                        Any update?
                        Attached Files

                        Comment


                          #13
                          When SSL is set on the whole website and causes Chrome padlock to show a warning on a filtered / paginated product summary page the Console shows the error is:
                          The page at '..p1.html' was loaded over HTTPS, but displayed insecure content from 'netquotevar:THUMBNAIL': this content should also be loaded over HTTPS.
                          <img src="NETQUOTEVAR:THUMBNAIL" NETQUOTEVAR:THUMBNAILSIZE border="0"/>
                          The hidden tag is part of the SellerDeck code for filtering and paginated pages but it creates a broken link Chrome reports as a secure content problem.

                          When SSL is set on login and checkout and causes Chrome padlock to show a warning on a secure page the Console shows the error is:
                          "The page at 'https...../cgi-bin/os000001.pl' was loaded over HTTPS, but is submitting data to an insecure location at 'http...../cgi-bin/ss000001.pl': this content should also be submitted over HTTPS."
                          <form name="simplesearch" method="get" action="http....../cgi-bin/ss000001.pl">
                          The quick search form submits data to a http non secure page not a https secure page.

                          Edit: That is a bug and there is a temporary fix here.
                          Last edited by peblaco; 23-Oct-2014, 09:22 AM. Reason: Added link to temporary fix
                          Peblaco

                          Comment


                            #14
                            SellerDeck support said Chrome padlock warning if you have SSL set to login and checkout related to the search script is a bug and they have a temporary fix.
                            "Bug reference SD-4301 - The bug will be reviewed for fixing in a future release. Currently the the only workaround is to apply a conditional block to remove the search from the checkout. Please go to 'Design | Library | Layouts' and locate the layout 'Regular Header Area' and then when that layout opens locate the layout marker:- QuickSearchBar in pink and replace this with: -
                            Code:
                            <actinic:block if="%3cactinic%3avariable%20name%3d%22IsSSLUsedForEssentialPages%22%20%2f%3e%20%3d%3d%20false%20or%20%0d%28%3cactinic%3avariable%20name%3d%22IsSSLUsedForEssentialPages%22%20%2f%3e%20AND%20%0d%20%20%20%28%3cactinic%3avariable%20name%3d%22PageType%22%20%2f%3e%20%21%3d%20%22Login%22%20%20%0dAND%20%3cactinic%3avariable%20name%3d%22PageType%22%20%2f%3e%20%21%3d%20%22Checkout%20Page%200%22%0dAND%20%3cactinic%3avariable%20name%3d%22PageType%22%20%2f%3e%20%21%3d%20%22Checkout%20Page%201%22%0dAND%20%3cactinic%3avariable%20name%3d%22PageType%22%20%2f%3e%20%21%3d%20%22Checkout%20Page%202%22%0dAND%20%3cactinic%3avariable%20name%3d%22PageType%22%20%2f%3e%20%21%3d%20%22Receipt%22%29%29" ><actinic:variable name="QuickSearchBar" /></actinic:block>
                            and click 'OK', then upload the site for the changes to take place."

                            Alternatively you can change the code in the quick search and add blockifs to check for page type and using either a http or https link depending on the page you are on.
                            Peblaco

                            Comment


                              #15
                              SellerDeck support said the Chrome padlock warning on a filtered / paginated product summary page due to the image source "NETQUOTEVAR:THUMBNAIL" is a bug and there is not currently a fix. "Bug reference SD-2401 - This query has been caused by a bug. It would appear that Chrome still attempts to call the template of SRC regardless; it works correctly in all other browsers. Sadly there is nothing that can be done at the moment; this will need careful fixing without impacting the filtering system."
                              Peblaco

                              Comment

                              Working...
                              X