Announcement

Collapse
No announcement yet.

SSL Bounce page

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    SSL Bounce page

    Hello,

    Our site is prompting the annoying pop-up message about 'content not delivered using HTTPS connection' whenever anybody visits the SSL Bounce page, and this occurs in both IE and Firefox. I would like (if possible) to stop this message popping up as it is annoying and may be worrying for some potential customers.

    If I watch the page load with a utility such as HTTPwatch it shows that the images and javascripts are being loaded from an http and not an https url. However, the page layout is the same as all the other secure pages, e.g. checkout 1, and none of the urls are hardcoded into the layout. I have checked the BaseHREF and this appears to be correct; I have also scoured the forum but alas to no avail.

    The site is: http://www.molesseeds.co.uk and the easiest way to launch the SSL Bounce Page is to hit checkout without anything in the basket.

    Any suggestions welcome! Many thanks.

    #2
    I'd strongly suggest that you read up on PCI DSS, the forum is flooded with information. Short of it, you should not be taking payments the way you are, you are actually 3 years out of date. Scrap SSL and get a PSP and do it PDQ, you are playing with a fire that you will never have a big enough extinguisher to put out if it all goes wrong.

    For such a nice site, it's such a shame to see such poor adherence to standards, particularly the timescales. Really letting the site down and without doubt resulting in less sales because of it. Current situation is a lose-lose, time for change.

    Comment


      #3
      Lee,

      I fully understand your comments and we are working on this, however at present Actinic does not have enough functionality with regard to our wholesale discount structures to allow us to take payments directly via a PSP. At present the orders are securely downloaded, with the payments being processed through a secure web link from our accounting software, and while not ideal it is perhaps no quite as old fashoined as you might think.

      That said, I don't really see the relevance of your answer to my question? I am simply trying to fix an issue with the SSL Bounce Page which shows if somebody orders too little or enters the wrong login details, neither of which are related to payment processing.

      Comment


        #4
        Originally posted by Chippy Minton View Post
        That said, I don't really see the relevance of your answer to my question?
        You said "any suggestions welcome". Mine was to switch off SSL and get up to date.

        Comment


          #5
          Pre-auth could possibly do what you want with a PSP? something like AP even has integration within the application, so that in time alone would surely claw back tenfold the time and costs compared to what you are doing, let alone the risk?

          Comment


            #6
            Ok Lee,

            That's a fair cop; perhaps I should have included the word 'relevant' in that sentence.

            But just to clarify I am talking about the 'SSL Bounce Page' and not the 'PSP Bounce Page'! As I understand it (and feel free to correct me if I am wrong) the SSL Bounce Page is the page that shows if there is an error prior to checkout (e.g. order value below min level) or during login (e.g. invalid login details), and not the one that is displayed during the checkout process with relation to payments being made. Perhaps this isn't the page displayed and that's why I can't fix the problem but when I have added something specifically to this page layout (as listed on the Design tab -> Select Page Type) the added element shows during a faulty login.

            (As an aside, pre-auth is what we plan to use once we get Actinic to reflect our ERP systems pricing)

            Comment


              #7
              The checkout it loses the styling, see here similar issues before about ssl and basehref.
              Peblaco

              Comment


                #8
                Hello Louise,

                Thanks for taking the time to look and comment.

                Which browser are you using to view the checkout? When I view the main checkout it looks ok; and certainly was working alright, so I hope I haven't broken it when trying to fix the problem page.

                In case anybody else has the problem: I fixed the baseHREF for the SSL Bounce Page by adding PageType == 'SSL Bounce Page' to the 'IsEssentialPage' condition. Prior to doing that it inserts 'http' instead of 'https' into the relevant bit of code.

                However, it still doesn't completely fix the problem. There are a pair of remarked out lines that relate to the SSL Bounce Page and https/http urls in the ShoppingCart script so I am wondering if it is a script issue.

                But the suggestion made in comment #19 of the post you mentioned looks an easier thing to try first, so I'll give that a go.

                Many thanks.

                Comment


                  #9
                  Internet Explorer, Firefox is more forgiving and in IE the checkout showed the problem.
                  Peblaco

                  Comment


                    #10
                    Hello Louise,

                    That's certainly curious because I was also looking via Internet Explorer and Firefox and both displayed the cart ok, with only SSL Bounce Page not working. However, if you save a checkout page using Internet Explorer it completely removes the baseHREF code while Firefox just remarks out the baseHREF code. I have downloaded the checkout pages via ftp and the baseHREF is definitely there in the code. In Safari I get a couple of annoying white lines down the left hand navigation menu but the rest of the page still looks correct. Strange!

                    Comment


                      #11
                      Clicking checkout from home page as you said in the first post, that would be ssl bounce, cleared the cache and still get the same issue it's putting http on the basehref.
                      Peblaco

                      Comment


                        #12
                        Thanks for clarifying that; I was beginning to think the whole site was broken!

                        Comment

                        Working...
                        X