I'm still getting the "some items on this page are insecure" in IE.
I've changed both configure.php files.
I'm using imagehandler 2, could that be the problem?
Thanks,
JP
I'm still getting the "some items on this page are insecure" in IE.
I've changed both configure.php files.
I'm using imagehandler 2, could that be the problem?
Thanks,
JP
John -
Why are you trying to run the whole site SSL?
Please do not PM for support issues: a private solution doesn't benefit the community.
Be careful with unsolicited advice via email or PM - Make sure the person you are talking to is a reliable source.
Code:<!--eof- banner #6 display --> </body><script src="http://www.google-analytics.com/urchin.js" type="text/javascript"> </script> <script type="text/javascript"> _uacct = "UA-1686170-1"; urchinTracker(); </script> </html>
.
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
Thanks Doc!
Kim, in IE 7. When people surf the site every single page says that some items are unsecured. It's annoying having to turn this off all the time.
It's driving my wife crazy, she's mentioned it three times today. My marital bliss is getting tarnished. haha.
Is there a better way?
Thanks,
JP
DrByte,
Is that code for me? Please explain how that would fix my problem.
Thanks,
JP
No, I was pointing out "what" your problem is.
If you run Zen Cart normally, it will auto-switch in to SSL mode on pages that need it.
However, if you have hard-coded http: addresses in src tags on your site, then any SSL pages will show warnings about those non-SSL src addresses.
Fix those src addresses, and then your SSL pages will work fine.
.
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
Ok,
Apparently I can't change the url http://www.google-analytics.com/urchin.js because then the script no longer works.
I've now reconfigured my configure.php to the following.
Site configure.php
Admin configure.phpCode:define('HTTP_SERVER', 'http://birdoasis.com'); define('HTTPS_SERVER', 'https://birdoasis.com');
Any other suggestions other than removing the google-analytics.com code?Code:define('HTTP_SERVER', 'http://birdoasis.com'); define('HTTPS_SERVER', 'https://birdoasis.com'); define('HTTP_CATALOG_SERVER', 'http://birdoasis.com'); define('HTTPS_CATALOG_SERVER', 'https://birdoasis.com');
Well that seems to have worked.
The popup message is gone, but I have to wonder why it showed up in the first place, and what problems have I cause by fixing this one.
In my next life I want to be a programer, but I'm starting to wonder if being a dog would be more relaxing.
JP
You could change it to be https: instead of http:
Or you could use one of the GA mods that has code written to flip the URL if the shop is on an SSL page.
Or you could add an IF/ELSE statement around the code to show the right protocol when using SSL. An abbreviated version would be to replace the 'http:' in the google URL with this:Code:src="<?php echo ($request_type == 'SSL' ? 'https://ssl.' : 'http://www.'); ?>google-ana...
.
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
Google Analytics does serve up its JS file from a secure location.
The html for this is as follows, just replace the relevant line in your html!
HTML Code:<script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript"></script>