Jump to content

- - - - -

Internet Explorer 'only secure content is displayed' and social bookmarks

social bookmarks

This topic has been archived. This means that you cannot reply to this topic.
4 replies to this topic

#1   Mrmike

  • Members
  • 32 posts

Posted 27 March 2012 - 16:37

Thought I'd post this in case anyone else has the same problem.

The store I've been working on was generating the bar across the bottom of Internet Explorer that says 'Only Secure Content is Displayed'

The entire store is protected by the hosts server side SSL as well as a geoTrust cert. as per the clients wishes to have the URL bar padlock displayed regardless of whether the visitor is in a secure section of the store or not.

After some digging I realized that what was causing the message was the Social Bookmarks module, specifically the LIKE facebook and Twitter TWEET buttons and the regular links to those two sites.

To solve this problem open:

catalog/includes/modules/social_bookmarks/sb_facebook_like.php and the relevant files for facebook, twitter and the twitter button, scroll down to the URL's for facebook and twitter <iframe source="http:// ... " > and simply change http to https

this will prevent IE from annoying or confusing, and possibly scaring away your visitors with the security message pop up

#2   MrPhil

  • Members
  • 7,015 posts

Posted 13 May 2012 - 00:37

That will work only if the "foreign" site such as FB or TW supports https access. If they don't, you'll get an error. If you are referencing your own site (just a different page), just give a relative or absolute HTML path, without http[ s ]://yourdomain. The browser will attach http://yourdomain or https://yourdomain to match whatever mode this page is. If that's a problem, you'll have to explicitly give the http://yourdomain or https://yourdomain.

What kind of warnings/errors you get when putting http items on an https page depends on what the item is. If it's embedded content (images, css files, js files, etc.) you will likely get a strong complaint that there are insecure items on the page, or that all insecure items are being ignored. Links to insecure (http) pages may generate a warning that you are leaving a secure page or area. Links to foreign sites may generate a warning even if the site is secure (https). All this behavior is usually a matter of browser settings, so it is not something you can easily control from the server end.

#3   thejudge99

  • Members
  • 120 posts

Posted 17 September 2012 - 14:43

asumming you have something like

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

in your application_top.php you can use everywhere in all pages that reference something not on your own page.

.(($request_type == 'SSL')?"https://":"http://").

for example the google scripts i always use

html5shiv looks like this

<!--[if lt IE 9]>
<script src="<?php echo (($request_type == 'SSL') ? 'https' : 'http'); ?>://html5shiv.googlecode.com/svn/trunk/html5.js"></script>

jquery scripts look like this

<script src="<?php echo (($request_type == 'SSL') ? 'https' : 'http'); ?>://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js" type="text/javascript"></script>
<script src="<?php echo (($request_type == 'SSL') ? 'https' : 'http'); ?>://ajax.googleapis.com/ajax/libs/jqueryui/1.8.21/jquery-ui.min.js" type="text/javascript"></script>

this will automatically use http or https and eliminate all warnings.


#4   drofe

  • Members
  • 36 posts

Posted 04 January 2013 - 09:14

I am getting the same problem on Internet Explorer 9 and also on Google Chrome.

#5   drofe

  • Members
  • 36 posts

Posted 05 January 2013 - 00:26

Now fixed by changing the method used to detect the SSL server as per CSS not working with secure server in IE.