Hi I just added the Secure pages to my website. Everything seems to be working except on checkout pages I get warnings saying that This page contains both secure and non secure content. How can I fix this?
Thanks,
Mon, 07/07/2008 - 12:32
still...any1?
Has anyone else ran into this? It works on any of my other pages except the checkout pages:
cart
cart/checkout
cart/checkout/review
Is there a script or something that's causing this? Thanks, Justin
Re: still...any1?
Yeah someone just had this same issue recently, but they were using the Zen theme.
Basically check all of your CSS and JS links. Chances are there is one that's not being found, and it's throwing a 404, which in turn throws an SSL error.
Hint: Use Fireox and Firebug to determine which script it is.
Re: Re: still...any1?
Thanks Torgos, I found it, it was because I was linking to some scripts with the full url in it.
Re: Re: still...any1?
Hi. This issue occurs in IE 7 because of AJAX requests being made to get payment quotes. Whenever I go to "cart/checkout" URL and it comes to Payment Method calculations (using AJAX) - this message appears "This page contains both: secure and insecure elements...blah ... blah).
Does anyone has an idea of how to solve it? I looked into the code and it doesn't contain any direct http:// requests.
Re: Re: Re: still...any1?
Maybe you want to pay a little more and get a "wildcard certificate" ...then you don't need to worry if someone or a script is requesting URL's with or without the "www" and so on. I had this issue sometimes and the solution was to get the "wildcard certificate" which is accepting "all" subdomains (there are different pricing policies on different issuers... some let you buy 2,3,5 or so domains, just take a look where you bought the cert!
I also had an other issue with similar error... there was a problem with CPanel and the certificate was somehow dropped off... a new install and everything was ok.
Also, there's a possibility to mess up with the renew of the certificate... take a close look, depending the way you renew, you maybe need to install the cert again.
Hope this helps.
PS. According to my statistics, if you don't fix the issue, you're potentially losing more than 50% of your sales (been there, seen it...)
Re: Re: Re: Re: still...any1?
paying a bit more is great
But you can specify rewrite rules in .htaccess file to , say remove www from all requests or vice versa.
For no charge
Re: Re: Re: Re: Re: still...any1?
Did this ever get resolved? I think the payment calculator is one of the things that's causing my page to give a secure & nonsecure content error.
Re: Re: Re: Re: Re: Re: still...any1?
I'm not sure there's anything to resolve, really. It's just a matter of correctly configuring your Secure Pages settings so that the AJAX requests get ignored.
For example, here's a part of my setup:
cart/checkout
cart/checkout/review
cart/checkout/payment_details/*
cart/checkout/get_certificate/*
cart/checkout/get_coupon/*
cart/checkout/complete
uc_paypal/ipn/*
uc_paypal/wps/*
uc_paypal/wps/complete/*
The get_coupon, payment_details, and get_certificate URLs are all javascript callbacks that will break if they are being served as http instead of https, when the rest of the page is https. Adding those URLs (and others that you might need as you add them) is the (so far) best solution.
it happens only when shipping quotes are retrieved.
On my site this only happens when uc retrieves a shipping quote. My guess is it's something in the way the module is displaying the ajax results... Though inspecting in firebug doesn't show any insecure paths.
Re: it happens only when shipping quotes are retrieved.
I'm experiencing this too ... though weirdly it's not when the shipping quote is *retrieved*, it's when a quote is *selected* (I guess the point where it runs off and works out the total of the order with the shipping quote applied).
Actually, looking at the page, I *think* it's happening *after* the "order total preview" is presented ... so it's doing something else that my JS console isn't logging. Does it do anything to work out the available payment methods at this point, or something?
EDITED TO ADD: Uhhh the problem continues even when I've got the "Secure Pages" settings set to a) match all pages and b) not switch back to http if no matches are found. I'm guessing something has a hardcoded http but at this stage I'm really not sure.
Re: Re: it happens only when shipping quotes are retrieved.
If you use Firebug, you can watch the JS callbacks as they happen. If the "unsecure" warning only happens after you submit a shipping quote, for instance, that would explain it. If it happens just as you are entering the page then there is possibly a file missing which is causing a 404. If you have a live site on the web, we could take a look at it.
Re: Re: Re: it happens only when shipping quotes are retrieved.
That would be awesome. Take a peek at www.clickoak.co.uk - there were some other unsecure warnings (mostly due to the WC3 logo and autocomplete fields) but everything else seems to be sorted now ... just this one on selecting a shipping quote.
(Uh, you'll have to enter a valid UK postcode for the shipping address before it will fetch the shipping quotes - M187LL is the one I've been using for testing. Just because that's my home address.)
I did have a good long stare at the JS callbacks through Firefox and the Chrome JS console, but the only thing it's requesting when you pick a quote is https://www.clickoak.co.uk/?q=cart/checkout/line_items ... which is definitely returning correctly since that's the HTML for the price summary, which is displaying fine. And is also definitely secure.
Re: Re: Re: Re: it happens only when shipping quotes are retriev
Hugely sorry for the delay. The one thing I did notice was that there is a "form action='http:'" bit of code, which is the form action for the "Newsletter" block. If I were you I'd configure that block to not display on the cart/checkout page. Give that a whirl and see if you still get that message.
Alternatively, the module that runs that block could be patched to switch to https if it's required.
Find a solution?
KingAndy, did you ever find a solution to your problem? I'm having the same issue of getting the Secure/Non-Secure warning in IE not when the page loads but when a JS function is called by the form element. (Everything being served is secure.)
Followup
I found a relevant discussion here:
http://www.ubercart.org/forum/development/6370/page_contains_both_secure...
Since I'm using 5.x-1.9, the patch wasn't applicable. Instead, I made all javascript references to the throbber.gif image in the ubercart js files absolute with a https:// prefix. Seems to have fixed it.