kotaro Posted March 2, 2010 Share Posted March 2, 2010 Firefox works well. IE gives me a Security Warning when a user is logged in. In IE8 it displays the following error message: "Do you want to view only the webpage content that was delivered securely? This webpage contains content that will not be delivered using a secure HTTPS connection, which could compromise the security of the entire webpage." After I click NO everything continues to work fine. If I click YES it doesn't display some images that I link to but still works fine. How can I fix that? Thank you Link to comment Share on other sites More sharing options...
♥mdtaylorlrim Posted March 2, 2010 Share Posted March 2, 2010 Firefox works well. IE gives me a Security Warning when a user is logged in. In IE8 it displays the following error message: "Do you want to view only the webpage content that was delivered securely? This webpage contains content that will not be delivered using a secure HTTPS connection, which could compromise the security of the entire webpage." After I click NO everything continues to work fine. If I click YES it doesn't display some images that I link to but still works fine. How can I fix that? Thank you The images that do not get displayed when you click yes are NOT IN the path of the secure server. Put them there. Community Bootstrap Edition, Edge Avoid the most asked question. See How to Secure My Site and How do I...? Link to comment Share on other sites More sharing options...
kotaro Posted March 2, 2010 Author Share Posted March 2, 2010 The images that do not get displayed when you click yes are NOT IN the path of the secure server. Put them there. Thanks for quick reply. What if it is a badge from Facebook that is on every page? So when I go to www.domain.com/account.php it still gives me warning. Link to comment Share on other sites More sharing options...
♥mdtaylorlrim Posted March 2, 2010 Share Posted March 2, 2010 Thanks for quick reply. What if it is a badge from Facebook that is on every page? So when I go to www.domain.com/account.php it still gives me warning. All of my 'social bookmarks' images are stored locally. Is your site ALL in https? The only part that really needs to be is the login pages and the cart, maybe. the social bookmarks can be left off those pages. Community Bootstrap Edition, Edge Avoid the most asked question. See How to Secure My Site and How do I...? Link to comment Share on other sites More sharing options...
kotaro Posted March 2, 2010 Author Share Posted March 2, 2010 All of my 'social bookmarks' images are stored locally. Is your site ALL in https? The only part that really needs to be is the login pages and the cart, maybe. the social bookmarks can be left off those pages. Where can I change the settings on what is under HTTPS? Link to comment Share on other sites More sharing options...
kotaro Posted March 2, 2010 Author Share Posted March 2, 2010 Where can I change the settings on what is under HTTPS? Figured out most of it was due to images, thank you. I still have some javascript that is being remotely called and that creates the same warning message. Is there a way to fix that too? Link to comment Share on other sites More sharing options...
♥mdtaylorlrim Posted March 2, 2010 Share Posted March 2, 2010 In your configure.php file your catalog http server should not show as https://..... I don't know any other reason why it would do that. Community Bootstrap Edition, Edge Avoid the most asked question. See How to Secure My Site and How do I...? Link to comment Share on other sites More sharing options...
germ Posted March 2, 2010 Share Posted March 2, 2010 Figured out most of it was due to images, thank you. I still have some javascript that is being remotely called and that creates the same warning message. Is there a way to fix that too? <?php if ( $request_type == 'NONSSL' ) { ?> ******** DELETE THIS LINE AND PUT YOUR REMOTE JAVA SCRIPT CODE HERE ******** <?php } ?> You just have to fix it so it doesn't load on HTTPS pages. You can't load scripts or images from HTTP sources on HTTPS pages. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
kotaro Posted March 3, 2010 Author Share Posted March 3, 2010 Thanks for the help guys, will try all the above fixes! Link to comment Share on other sites More sharing options...
kotaro Posted March 3, 2010 Author Share Posted March 3, 2010 In your configure.php file your catalog http server should not show as https://..... I don't know any other reason why it would do that. I looked at both configure files and here is what they look like: catalog/includes/configure.php define('HTTP_SERVER', 'http://www.domain.com'); define('HTTPS_SERVER', 'https://www.domain.com'); .... and admin/includes/configure.php define('HTTP_SERVER', 'http://www.domain.com'); define('HTTP_CATALOG_SERVER', 'http://www.domain.com'); define('HTTPS_CATALOG_SERVER', 'https://www.domain.com'); Is that correct? Link to comment Share on other sites More sharing options...
germ Posted March 3, 2010 Share Posted March 3, 2010 I looked at both configure files and here is what they look like: catalog/includes/configure.php define('HTTP_SERVER', 'http://www.domain.com'); define('HTTPS_SERVER', 'https://www.domain.com'); .... and admin/includes/configure.php define('HTTP_SERVER', 'http://www.domain.com'); define('HTTP_CATALOG_SERVER', 'http://www.domain.com'); define('HTTPS_CATALOG_SERVER', 'https://www.domain.com'); Is that correct? If the SSL cert was issued with the "www." it looks OK. Some are - some aren't. Nothng you do in the config file is going to get you do display the remote script without warnings if it comes from a HTTP source. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
kotaro Posted March 3, 2010 Author Share Posted March 3, 2010 If the SSL cert was issued with the "www." it looks OK. Some are - some aren't. Nothng you do in the config file is going to get you do display the remote script without warnings if it comes from a HTTP source. Fixed it. Thank you! Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.