"Insecure Favicon" is causing mixed content on secure pages

[lat9]

Hi, yes, I have moved my favicon to the root of my store, but it hasn't fixed the mixed content SSL issue which still says the favicon needs to be delivered over https://, that's why I was thinking if I indicated the direct URL to my favicon and included https://, it might work. I'm just not sure of the syntax of adding a URL to a language defines file...

It's almost looking like a bug in Chrome; there's no place in your generated HTML (press Ctrl+U to view) where you're calling out the favicon. To work around the issue, you could edit the file /includes/modules/YOUR_TEMPLATE/meta_tags.php and add:

Code:

define ('FAVICON', HTTPS_SERVER . DIR_WS_HTTPS_CATALOG . 'favicon.ico');

[lhungil]

I'm seeing the following in the developer console (latest version of Chrome):

1. GET https://www.blackorchidcouture.com/favicon.ico 404 (Not Found)
2. ... requested an insecure script 'http://www.blackorchidcouture.com/store/includes/winchester_black/jscript/jquery.carouFredSel-6.0.2.js'. This request has been blocked; ...

The first item indicates their is no favorite icon "favicon.ico" on your website. Did you place this file in the correct location ("/favicon.ico")? Or did you place it somewhere else (such as "/store/favicon.ico"; would require doing something similiar to what lat9 suggested)?

The second item is probably the actual cause of the insecure / mixed content warning. A similiar warning is shown by Firefox and Internet Explorer.

[BlackOrchidCouture]

Hi, thanks, yes I originally had my favicon.ico in my public folder, but moved it to my store folder in trying to fix this SSL issue. My favicon was still showing up, but it didn't fix the SSL issue. I added the define favicon code that lat9 suggested, but it didn't remove the yellow triangle (and yes, I too noticed that this SSL issue is just showing up in Chrome, Firefox isn't showing any warnings).

I just found a fix to the js carousel showing an error here: http://www.zen-cart.com/showthread.p...Template/page6

So now the warning is gone for that, and ironically the warning about the favicon is gone too! But, still a yellow triangle, and this is the last thing showing up in the Javascript Console for Chrome:

Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. For more help, check http://xhr.spec.whatwg.org/.
chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/js/bunches/content.js:7 Iframe attached successfully

Any ideas on how to fix that? Thanks for helping me with this guys!

[lat9]

I'm seeing the following in the developer console (latest version of Chrome):

1. GET https://www.blackorchidcouture.com/favicon.ico 404 (Not Found)
2. ... requested an insecure script 'http://www.blackorchidcouture.com/store/includes/winchester_black/jscript/jquery.carouFredSel-6.0.2.js'. This request has been blocked; ...

The first item indicates their is no favorite icon "favicon.ico" on your website. Did you place this file in the correct location ("/favicon.ico")? Or did you place it somewhere else (such as "/store/favicon.ico"; would require doing something similiar to what lat9 suggested)?

The second item is probably the actual cause of the insecure / mixed content warning. A similiar warning is shown by Firefox and Internet Explorer.

FWIW, I found the favicon at https://www.blackorchidcouture.com/store/favicon.ico

[BlackOrchidCouture]

I just discovered that favicon code you gave me to make it serve over https:// IS why the favicon errors disappeared! I removed it because I wasn't sure I was needing it, and they all came back, put it back on and they are gone! So the last issue that is causing the yellow triangle is the Synchronous XMLHttpRequest.

Getting rid of the warnings one by one, thanks for the code for the favicon!

[jolzzon]

Hi - I have the same problem, getting a yellow triangle in Chrome, referring to the insecure request to favicon on this page.
https://secure.firstediting.com/pric...1_check.php?a=

(" The page at 'https://secure.firstediting.com/pricequote1_check.php?a=' was loaded over HTTPS, but requested an insecure favicon 'http://www.firstediting.com/'.") I created a completely empty file to try to identify the problem with the following coding below.

However I stil see the yellow warning triangle. Does it show up for you as well? As I am not an expert coder, I wonder if I have to create the image file favicon.ico and place it in some certain folder in order to have the code below refer to it. Would highly appreciate som insights here..... / jolzzon
---------------------------------

<?php

define ('FAVICON', HTTPS_SERVER . DIR_WS_HTTPS_CATALOG . 'favicon.ico');

?>


<html>


<head>
<Title>test</title>
</head>
<body>
<table>
<tr><td>test</td></tr>
</table>
</body>
</html>

---------------------------------

[jolzzon]

OK, uploaded the favicon.ico to the secure folder AND yellow triangle is gone! Thanks smart people out there for a problem that not even my server support team could solve.... Now I can enjoy my weekend, this has been drivning me crazy for a week...

[Phil Soth]

I apologize in advance if I am hijacking this thread, but to me this is related.......

Anyway, I have my favicon working using the solution recommended by lat9 in #11 above. When I click on a secure page, the little padlock blinks on and then goes away. Is this the way it's supposed to work, or is there something else I need to do?

You can watch it happen at www.heirloomstocherish.com. I am on ZC v1.5.4.

Thanks in advance (and I will accept appropriate chastisement if I indeed hijacked the thread)

Thanks,
Phil

[Ajeh]

The credit cards are being called incorrectly so that they are not secure ...