Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Security Warning in IE


kotaro

Recommended Posts

Firefox works well.

IE gives me a Security Warning when a user is logged in. In IE8 it displays the following error message:

 

"Do you want to view only the webpage content that was delivered securely? This webpage contains content that will not be delivered using a secure HTTPS connection, which could compromise the security of the entire webpage."

 

After I click NO everything continues to work fine. If I click YES it doesn't display some images that I link to but still works fine.

 

How can I fix that?

 

Thank you

Link to comment
Share on other sites

Firefox works well.

IE gives me a Security Warning when a user is logged in. In IE8 it displays the following error message:

 

"Do you want to view only the webpage content that was delivered securely? This webpage contains content that will not be delivered using a secure HTTPS connection, which could compromise the security of the entire webpage."

 

After I click NO everything continues to work fine. If I click YES it doesn't display some images that I link to but still works fine.

 

How can I fix that?

 

Thank you

The images that do not get displayed when you click yes are NOT IN the path of the secure server. Put them there.

Community Bootstrap Edition, Edge

 

Avoid the most asked question. See How to Secure My Site and How do I...?

Link to comment
Share on other sites

The images that do not get displayed when you click yes are NOT IN the path of the secure server. Put them there.

Thanks for quick reply.

What if it is a badge from Facebook that is on every page? So when I go to www.domain.com/account.php it still gives me warning.

Link to comment
Share on other sites

Thanks for quick reply.

What if it is a badge from Facebook that is on every page? So when I go to www.domain.com/account.php it still gives me warning.

All of my 'social bookmarks' images are stored locally.

 

Is your site ALL in https? The only part that really needs to be is the login pages and the cart, maybe. the social bookmarks can be left off those pages.

Community Bootstrap Edition, Edge

 

Avoid the most asked question. See How to Secure My Site and How do I...?

Link to comment
Share on other sites

All of my 'social bookmarks' images are stored locally.

 

Is your site ALL in https? The only part that really needs to be is the login pages and the cart, maybe. the social bookmarks can be left off those pages.

Where can I change the settings on what is under HTTPS?

Link to comment
Share on other sites

Where can I change the settings on what is under HTTPS?

Figured out most of it was due to images, thank you.

I still have some javascript that is being remotely called and that creates the same warning message. Is there a way to fix that too?

Link to comment
Share on other sites

Figured out most of it was due to images, thank you.

I still have some javascript that is being remotely called and that creates the same warning message. Is there a way to fix that too?

<?php
 if ( $request_type == 'NONSSL' ) {
?>

******** DELETE THIS LINE AND PUT YOUR REMOTE JAVA SCRIPT CODE HERE ********

<?php
 }
?>

You just have to fix it so it doesn't load on HTTPS pages.

 

You can't load scripts or images from HTTP sources on HTTPS pages.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

In your configure.php file your catalog http server should not show as https://.....

 

I don't know any other reason why it would do that.

I looked at both configure files and here is what they look like:

catalog/includes/configure.php

define('HTTP_SERVER', 'http://www.domain.com');

define('HTTPS_SERVER', 'https://www.domain.com');

....

 

and

admin/includes/configure.php

define('HTTP_SERVER', 'http://www.domain.com');

define('HTTP_CATALOG_SERVER', 'http://www.domain.com');

define('HTTPS_CATALOG_SERVER', 'https://www.domain.com');

 

Is that correct?

Link to comment
Share on other sites

I looked at both configure files and here is what they look like:

catalog/includes/configure.php

define('HTTP_SERVER', 'http://www.domain.com');

define('HTTPS_SERVER', 'https://www.domain.com');

....

 

and

admin/includes/configure.php

define('HTTP_SERVER', 'http://www.domain.com');

define('HTTP_CATALOG_SERVER', 'http://www.domain.com');

define('HTTPS_CATALOG_SERVER', 'https://www.domain.com');

 

Is that correct?

If the SSL cert was issued with the "www." it looks OK. Some are - some aren't.

 

Nothng you do in the config file is going to get you do display the remote script without warnings if it comes from a HTTP source.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

If the SSL cert was issued with the "www." it looks OK. Some are - some aren't.

 

Nothng you do in the config file is going to get you do display the remote script without warnings if it comes from a HTTP source.

 

Fixed it.

 

Thank you!

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...