"Insecure Favicon" is causing mixed content on secure pages

[mc12345678]

Ok, these are the only instances where favicon shows up, and the files they are in:

includes/languages/english/winchester_black/meta_tags.php (this is the template I'm using)

Code:

Line #64 : // favicon setting 

Line #66 : // define('FAVICON','');

includes/templates/template_default/common/html_header.php

Code:

Line #34 : <?php if (defined('FAVICON')) { ?> 

Line #35 : <link rel="icon" href="<?php echo FAVICON; ?>" type="image/x-icon" /> 

Line #36 : <link rel="shortcut icon" href="<?php echo FAVICON; ?>" type="image/x-icon" /> 

Line #37 : <?php } //endif FAVICON ?>

includes/templates/winchester_black/common/html_header.php (this is the template I'm using)

Code:

Line #56 : <?php if (defined('FAVICON')) { ?> 

Line #57 : <link rel="icon" href="<?php echo FAVICON; ?>" type="image/x-icon" /> 

Line #58 : <link rel="shortcut icon" href="<?php echo FAVICON; ?>" type="image/x-icon" /> 

Line #59 : <?php } //endif FAVICON ?>

If that's the case then either FAVICON is defined in the database or it's not FAVICON that is being displayed. Based on the above code, FAVICON is never defined and therefore the sub-code in the if statement is never run if all has been provided.

[BlackOrchidCouture]

Hi, yes, that is all that comes up in Developers Toolkit.

So, I had an idea, I copied my favicon into the base of my store, and to the meta_tags.php English defines file I'm trying to figure out the correct syntax to define the favicon to reflect the new path, but I'll use the full https:// url. Here is what I tried, though I'm still seeing the yellow triangle so it doesn't seem to have worked. Do I need to wrap something around the link?

Code:

// favicon setting
// There is usually NO need to enable this unless you need to specify a path and/or a different filename
//  define('FAVICON','https://www.blackorchidcouture.com/store/favicon.ico');

[lat9]

The FAVICON, if set, gets its value from a PHP define statement; it's not stored in the database.

If your favicon is named favicon.ico, simply place it into the root of your Zen Cart (the folder/directory where the file ipn_main_handler.php is located) and browsers will "find" it by default.

[BlackOrchidCouture]

Hi, yes, I have moved my favicon to the root of my store, but it hasn't fixed the mixed content SSL issue which still says the favicon needs to be delivered over https://, that's why I was thinking if I indicated the direct URL to my favicon and included https://, it might work. I'm just not sure of the syntax of adding a URL to a language defines file...

[lat9]

Hi, yes, I have moved my favicon to the root of my store, but it hasn't fixed the mixed content SSL issue which still says the favicon needs to be delivered over https://, that's why I was thinking if I indicated the direct URL to my favicon and included https://, it might work. I'm just not sure of the syntax of adding a URL to a language defines file...

It's almost looking like a bug in Chrome; there's no place in your generated HTML (press Ctrl+U to view) where you're calling out the favicon. To work around the issue, you could edit the file /includes/modules/YOUR_TEMPLATE/meta_tags.php and add:

Code:

define ('FAVICON', HTTPS_SERVER . DIR_WS_HTTPS_CATALOG . 'favicon.ico');

[lhungil]

I'm seeing the following in the developer console (latest version of Chrome):

1. GET https://www.blackorchidcouture.com/favicon.ico 404 (Not Found)
2. ... requested an insecure script 'http://www.blackorchidcouture.com/store/includes/winchester_black/jscript/jquery.carouFredSel-6.0.2.js'. This request has been blocked; ...

The first item indicates their is no favorite icon "favicon.ico" on your website. Did you place this file in the correct location ("/favicon.ico")? Or did you place it somewhere else (such as "/store/favicon.ico"; would require doing something similiar to what lat9 suggested)?

The second item is probably the actual cause of the insecure / mixed content warning. A similiar warning is shown by Firefox and Internet Explorer.

[BlackOrchidCouture]

Hi, thanks, yes I originally had my favicon.ico in my public folder, but moved it to my store folder in trying to fix this SSL issue. My favicon was still showing up, but it didn't fix the SSL issue. I added the define favicon code that lat9 suggested, but it didn't remove the yellow triangle (and yes, I too noticed that this SSL issue is just showing up in Chrome, Firefox isn't showing any warnings).

I just found a fix to the js carousel showing an error here: http://www.zen-cart.com/showthread.p...Template/page6

So now the warning is gone for that, and ironically the warning about the favicon is gone too! But, still a yellow triangle, and this is the last thing showing up in the Javascript Console for Chrome:

Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. For more help, check http://xhr.spec.whatwg.org/.
chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/js/bunches/content.js:7 Iframe attached successfully

Any ideas on how to fix that? Thanks for helping me with this guys!

[lat9]

I'm seeing the following in the developer console (latest version of Chrome):

1. GET https://www.blackorchidcouture.com/favicon.ico 404 (Not Found)
2. ... requested an insecure script 'http://www.blackorchidcouture.com/store/includes/winchester_black/jscript/jquery.carouFredSel-6.0.2.js'. This request has been blocked; ...

The first item indicates their is no favorite icon "favicon.ico" on your website. Did you place this file in the correct location ("/favicon.ico")? Or did you place it somewhere else (such as "/store/favicon.ico"; would require doing something similiar to what lat9 suggested)?

The second item is probably the actual cause of the insecure / mixed content warning. A similiar warning is shown by Firefox and Internet Explorer.

FWIW, I found the favicon at https://www.blackorchidcouture.com/store/favicon.ico