Printable View
Hi all..
Been searching the forums for days trying to find an answer.. but with no joy :no:
I'm getting the "This page contains both secure and nonsecure items... " warning on IE (and similar in FF) I've seen several people say hard coded HTTP: links are the issue, but I can see any on my site. The only thing I'm thinking it could be is the <base href=http in my code.
HOW do you change this to <base href=https ? Or is this not the problem?
My website: www.sourcetech.co.uk
Please help!!
Mike
What values are you putting in your configure.php files for:
PHP Code:define('HTTP_SERVER', 'http://xxxxxxxxxxxxxxxxxxxx');
define('HTTPS_SERVER', 'https://xxxxxxxxxxxxxxxxxxxx');
Hi fairestcape, both my configure files say the following:
That seems right. I just tried adding "/shop" onto the end, just on the off-chance that this worked.. and it managed to kill the entire site! Not such a good idea then! :unsure:Quote:
define('HTTP_SERVER', 'http://www.sourcetech.co.uk');
define('HTTPS_SERVER', 'https://www.sourcetech.co.uk');
These paths to http and https look quite correct.
(Is your SSL cert for www.sourcetech.co.uk, or just sourcetech.co.uk?)
HTTPS is invoked by zencart only when necessary - ie: when sensitive data is being transmitted. (Names, Addresses, Checkout process).
Most of the time, it operates in http mode.
If you are getting "Insecure elements" warnings when logging in, or going through checkout, then this is generally a result of a http:// URL embedded somewhere in the code calling https: (It could be in a define page, or a template file.
When the message appears, say "No, don't display insecure items", then look at the output to see what's missing... That's your clue as to how to resolve it.
Here are the insecure items...
Code:<script language="javascript" type="text/javascript"><!--
function session_win() {
window.open("http://www.sourcetech.co.uk/shop/index.php?main_page=info_shopping_cart","info_shopping_cart","height=460,width=430,toolbar=no,statusbar=no,scrollbars=yes").focus();
}
//--></script>
Code:<script type="text/javascript" src="http://download.skype.com/share/skypebuttons/js/skypeCheck.js">
Code:<img src="http://mystatus.skype.com/balloon/mike.r.backhouse" style="border: none;" width="140" height="56" alt="My status" />
~MelanieCode:<a onClick="window.open('http://www.shopmania.co.uk/?m=139'); return false;" alt="Visit Sourcetech.co.uk on ShopMania" target="_blank" href="http://www.shopmania.co.uk"><img border="0" title="Visit Sourcetech.co.uk on ShopMania" src="http://www.shopmania.co.uk/img/cert/shopmania-store-uk.gif" alt="" /></a></p>
<p>
Thank you for replies, really blows me away when people take the time to help.
fairestcape, I'll check our SSL certificate, my MD who actually bought it, is under the impression that it IS minus the www, so that could well be the problem..
mprough, I noticed the same things when checking the source code. So I've now switched off the skype sidebox and the box that contained the shopmania link. Cant for the life of me figure out where that bit of javascript's coming from:
So I'll take a better look at that asap.Code:<script language="javascript" type="text/javascript"><!--
function session_win() {
window.open("http://www.sourcetech.co.uk/shop/index.php?main_page=info_shopping_cart","info_shopping_cart","height=460,width=430,toolbar=no,statusbar=no,scrollbars=yes").focus();
}
//--></script>
Question.. if there are ANY hard coded links on the site, even to external sites, then this will cause issues with HTTPS? How do I get round linking to say http://www.google.com, when there isnt an HTTPS alternative? :unsure:
Internal links can be absolute... External links must be to secured pages.
If your www/non www was incorrect on the SSL it would display an error and not load the page at all....
~Melanie
How deep does the rabbit hole go?....when on the login page, which should be secure I see a base href ofwhen ti should beCode:<base href="http://www.sourcetech.co.uk/shop/" />
That is causing all of the stylesheets and images on the page to be called unsecure on the secure page.Code:<base href="https://www.sourcetech.co.uk/shop/" />
Who is the hosting company?
A few hosts are known to be unable to support SSL using conventional methods.