Latest News: (loading..)

Archived

This topic is now archived and is closed to further replies.

Mrmike

Internet Explorer 'only secure content is displayed' and social bookmarks

5 posts in this topic

Thought I'd post this in case anyone else has the same problem.

 

The store I've been working on was generating the bar across the bottom of Internet Explorer that says 'Only Secure Content is Displayed'

 

The entire store is protected by the hosts server side SSL as well as a geoTrust cert. as per the clients wishes to have the URL bar padlock displayed regardless of whether the visitor is in a secure section of the store or not.

 

After some digging I realized that what was causing the message was the Social Bookmarks module, specifically the LIKE facebook and Twitter TWEET buttons and the regular links to those two sites.

 

To solve this problem open:

 

catalog/includes/modules/social_bookmarks/sb_facebook_like.php and the relevant files for facebook, twitter and the twitter button, scroll down to the URL's for facebook and twitter <iframe source="http:// ... " > and simply change http to https

 

this will prevent IE from annoying or confusing, and possibly scaring away your visitors with the security message pop up

Share this post


Link to post
Share on other sites

That will work only if the "foreign" site such as FB or TW supports https access. If they don't, you'll get an error. If you are referencing your own site (just a different page), just give a relative or absolute HTML path, without http[ s ]://yourdomain. The browser will attach http://yourdomain or https://yourdomain to match whatever mode this page is. If that's a problem, you'll have to explicitly give the http://yourdomain or https://yourdomain.

 

What kind of warnings/errors you get when putting http items on an https page depends on what the item is. If it's embedded content (images, css files, js files, etc.) you will likely get a strong complaint that there are insecure items on the page, or that all insecure items are being ignored. Links to insecure (http) pages may generate a warning that you are leaving a secure page or area. Links to foreign sites may generate a warning even if the site is secure (https). All this behavior is usually a matter of browser settings, so it is not something you can easily control from the server end.

Share this post


Link to post
Share on other sites

asumming you have something like

 

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

in your application_top.php you can use everywhere in all pages that reference something not on your own page.

 

.(($request_type == 'SSL')?"https://":"http://").

 

for example the google scripts i always use

 

html5shiv looks like this

 

<!--[if lt IE 9]>
<script src="<?php echo (($request_type == 'SSL') ? 'https' : 'http'); ?>://html5shiv.googlecode.com/svn/trunk/html5.js"></script>
<![endif]-->

 

jquery scripts look like this

 

<script src="<?php echo (($request_type == 'SSL') ? 'https' : 'http'); ?>://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js" type="text/javascript"></script>
<script src="<?php echo (($request_type == 'SSL') ? 'https' : 'http'); ?>://ajax.googleapis.com/ajax/libs/jqueryui/1.8.21/jquery-ui.min.js" type="text/javascript"></script>

 

this will automatically use http or https and eliminate all warnings.

 

Jules

Share this post


Link to post
Share on other sites

I am getting the same problem on Internet Explorer 9 and also on Google Chrome.

Share this post


Link to post
Share on other sites