"Insecure Favicon" is causing mixed content on secure pages

[BlackOrchidCouture]

Hi all, I just did an upgrade to v154 along with a new template, so my files are all new, though I used a copy of my database from my previous version of my store. I also have moved to new hosting company with a new SSL certificate. Anyway, the little yellow triangle is coming up on my secure pages instead of the green lock (on Chrome), and at first I thought it was because I had added some hard coded http:// links, which I changed to relative links, but after I took care of them all nothing had changed.

In Chrome when I look at the Javascript Console when on a secure page, I get this warning: Mixed Content: The page at 'https://www.blackorchidcouture.com/store/whichever_page' was loaded over HTTPS, but requested an insecure favicon 'http://www.blackorchidcouture.com/store/'. This content should also be served over HTTPS.

I don't know how to even begin to fix this, and have googled it and not found an answer. Any ideas? I'd really like to get my green lock back! Thanks!

[mc12345678]

Hi all, I just did an upgrade to v154 along with a new template, so my files are all new, though I used a copy of my database from my previous version of my store. I also have moved to new hosting company with a new SSL certificate. Anyway, the little yellow triangle is coming up on my secure pages instead of the green lock (on Chrome), and at first I thought it was because I had added some hard coded http:// links, which I changed to relative links, but after I took care of them all nothing had changed.

In Chrome when I look at the Javascript Console when on a secure page, I get this warning: Mixed Content: The page at 'https://www.blackorchidcouture.com/store/whichever_page' was loaded over HTTPS, but requested an insecure favicon 'http://www.blackorchidcouture.com/store/'. This content should also be served over HTTPS.

I don't know how to even begin to fix this, and have googled it and not found an answer. Any ideas? I'd really like to get my green lock back! Thanks!

The easiest way to get help to fix this is to provide a copy of the template file that is presenting the "insecure" image by placing it between code tags generated by pressing the # symbol in the toolbar above the reply entry screen.

The goal... effectively to either on the fly identify if the page is currently being served as https and then present the path to the applicable image(s) in the same manner, or to have the

Code:

src='//www (dot) blackorchidcouture (dot) com/store'

If not mistaken the file in question is: includes/templates/YOUR_TEMPLATE/common/tpl_header.php

[lat9]

... If not mistaken the file in question is: includes/templates/YOUR_TEMPLATE/common/tpl_header.php

Actually, that processing is in /includes/templates/YOUR_TEMPLATE/common/html_header.php.

Look for the section (in the default v1.5.4 version) that looks similar to:

Code:

<?php if (defined('FAVICON')) { ?>
<link rel="icon" href="<?php echo FAVICON; ?>" type="image/x-icon" />
<link rel="shortcut icon" href="<?php echo FAVICON; ?>" type="image/x-icon" />
<?php } //endif FAVICON ?>

If the code looks like that, use your admin's Tools->Developers Tool Kit to search for favicon; if found, make sure that it's just the filename, not prefixed with http://

[BlackOrchidCouture]

Hi, thanks for the replies! I searched favicon in Developers Toolkit, and there are no instances of http:// associated with it. Also, the file html_header.php just has the default favicon code as you posted.

I believe I've found all of the http:// instances that I had hardcoded and turned them into relative links. Do links to outside pages have anything to do with creating mixed content on secure pages? I'm assuming not.

At this point I'm wondering if it's my SSL certificate. I talked to my hosting company yesterday and they showed me that everything is working as it should, but I also noticed that the certificate is for both blackorchidcouture.com and www.blackorchidcouture.com. Shouldn't it just be for the one I use?

Thanks!

[mc12345678]

Hi, thanks for the replies! I searched favicon in Developers Toolkit, and there are no instances of http:// associated with it. Also, the file html_header.php just has the default favicon code as you posted.

I believe I've found all of the http:// instances that I had hardcoded and turned them into relative links. Do links to outside pages have anything to do with creating mixed content on secure pages? I'm assuming not.

At this point I'm wondering if it's my SSL certificate. I talked to my hosting company yesterday and they showed me that everything is working as it should, but I also noticed that the certificate is for both blackorchidcouture.com and www.blackorchidcouture.com. Shouldn't it just be for the one I use?

Thanks!

Said what FAVICON does not contain, but what is the content of the define for FAVICON? There may be more than one instance of it, post all. Include the path of each as well as identify your current template.

[BlackOrchidCouture]

Ok, these are the only instances where favicon shows up, and the files they are in:

includes/languages/english/winchester_black/meta_tags.php (this is the template I'm using)

Code:

Line #64 : // favicon setting 

Line #66 : // define('FAVICON','');

includes/templates/template_default/common/html_header.php

Code:

Line #34 : <?php if (defined('FAVICON')) { ?> 

Line #35 : <link rel="icon" href="<?php echo FAVICON; ?>" type="image/x-icon" /> 

Line #36 : <link rel="shortcut icon" href="<?php echo FAVICON; ?>" type="image/x-icon" /> 

Line #37 : <?php } //endif FAVICON ?>

includes/templates/winchester_black/common/html_header.php (this is the template I'm using)

Code:

Line #56 : <?php if (defined('FAVICON')) { ?> 

Line #57 : <link rel="icon" href="<?php echo FAVICON; ?>" type="image/x-icon" /> 

Line #58 : <link rel="shortcut icon" href="<?php echo FAVICON; ?>" type="image/x-icon" /> 

Line #59 : <?php } //endif FAVICON ?>