barrystein Posted April 14, 2013 Share Posted April 14, 2013 (edited) Running 1.4.9 at Bluehost. http://www.Homeschool-Shelf.com When going through the check out process in Google Chrome. Some of the pages will start coming up with an SSL checkout error saying: "However, this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an hacker trying to change the look of the page." I have looked through the source code and added https to the facebook find us on facebook block The only other questionable is the src="//verify.authorize.net/anetseal/seal.js" doesn't have https, but I have to think authorize.net gave me the right code. any idea what the problem is.... Edited April 16, 2013 by barrystein (see edit history) Link to comment Share on other sites More sharing options...
vekia Posted April 14, 2013 Share Posted April 14, 2013 change its url to https:// - it works with https fine: https://verify.authorize.net/anetseal/seal.js what is this exactly? this is some module? or what? Link to comment Share on other sites More sharing options...
barrystein Posted April 14, 2013 Author Share Posted April 14, 2013 It is from the code that authorize.net gives you to put on your site so someone can click it and verify your website with authorize.net. I don't really think I should alter the code they give me.... change its url to https:// - it works with https fine: https://verify.autho...netseal/seal.js what is this exactly? this is some module? or what? Link to comment Share on other sites More sharing options...
barrystein Posted April 14, 2013 Author Share Posted April 14, 2013 The link automatically changes to https when in checkout mode...and when clicked the verify page pop up comes up in https as well - so I don't think that this is the problem.... change its url to https:// - it works with https fine: https://verify.autho...netseal/seal.js what is this exactly? this is some module? or what? Link to comment Share on other sites More sharing options...
vekia Posted April 14, 2013 Share Posted April 14, 2013 well, chrome shows this communicate when you tried to load some "unsafe" external content without ssl (https://) cert You have to check page source for non-secured urls with "http://" instead of "https://" then try to change it values to https (i know that this may be painfull work but it is the only way to fix it). You can also turn of ssl, but it isn't solution Link to comment Share on other sites More sharing options...
barrystein Posted April 14, 2013 Author Share Posted April 14, 2013 only https show up after all src= there are numerous http after href= however I thought that src= brings content onto the page - so that has to be https where as href= is only a link off the page to also any href= that is followed by // should be ok as it picks up the https from the page also when the SSL returns no error - the code on the page looks exactly the same... but for some reason at different stages in the process the error shows up when the code is the same. I am starting to think this is a bug in 1.4.9 well, chrome shows this communicate when you tried to load some "unsafe" external content without ssl (https://) cert You have to check page source for non-secured urls with "http://" instead of "https://" then try to change it values to https (i know that this may be painfull work but it is the only way to fix it). You can also turn of ssl, but it isn't solution Link to comment Share on other sites More sharing options...
Bill Dalton Posted April 15, 2013 Share Posted April 15, 2013 Very interesting problem. I agree that it is only in Chrome that this happens. What makes it even more interesting is that it only occurs with a page refresh. For example you mention that it happens on some of your checkout pages, but it is not the checkout page that is the problem. It happens whenever you refresh an SSL page. To confirm this behaviour simply go to your homepage using Chrome, and at the bottom click on the "Contact" link. This will take you to an SSL page. Now hit your refresh button and bang!!!, your SSL is now dirty. I'm not a CSS guy, but the only thing that shows in Chrome script console (when you hit CTRL = SHIFT = J ) is this line in your global.css <div id="comm100_FloatImageButton2" style="visibility: hidden; position: absolute; cursor: pointer; z-index: 9996; left: 0px; top: 0px; display: none;"></div> I don't know if that is the problem, but it wouldn't hurt to remove it and see what happens. Link to comment Share on other sites More sharing options...
barrystein Posted April 15, 2013 Author Share Posted April 15, 2013 (edited) Bill, I removed the code, and the SSL is still dirty - so that must not be the problem also In chrome...When I first go to hit checkout, SSL works fine. If I hit refresh... I get the dirty SSL again. When I look at the Chrome Script console this time.... nothing comes up... so I doubt it is that code... Very interesting problem. I agree that it is only in Chrome that this happens. What makes it even more interesting is that it only occurs with a page refresh. For example you mention that it happens on some of your checkout pages, but it is not the checkout page that is the problem. It happens whenever you refresh an SSL page. To confirm this behaviour simply go to your homepage using Chrome, and at the bottom click on the "Contact" link. This will take you to an SSL page. Now hit your refresh button and bang!!!, your SSL is now dirty. I'm not a CSS guy, but the only thing that shows in Chrome script console (when you hit CTRL = SHIFT = J ) is this line in your global.css <div id="comm100_FloatImageButton2" style="visibility: hidden; position: absolute; cursor: pointer; z-index: 9996; left: 0px; top: 0px; display: none;"></div> I don't know if that is the problem, but it wouldn't hurt to remove it and see what happens. Edited April 15, 2013 by barrystein (see edit history) Link to comment Share on other sites More sharing options...
Bill Dalton Posted April 15, 2013 Share Posted April 15, 2013 This might be the problem. You can see this in Chrome by going to Tools > Developer Tools When that console opens, click the wheel icon on the bottom right for settings. In the General section disable Java Script. Now with that open go to your SSL Contact Page and refresh Bingo! with JS turned off the script for your SSL Seal from Godaddy doesn't fire and doesn't show on the Clean Page. Turn the JS back on and reload the page and you should be able to get the Seal to show once Clean, but the next refresh Dirty. This is the complaint from Google Chrome. Resource interpreted as Script but transferred with MIME type text/html: "https://seal.godaddy.com/getSeal?sealID=4VW4mW9NkWDcbThUk0IvyrWLyWjHc1qrWHnmM6TCbVzK9Xj1CtbArkP" Link to comment Share on other sites More sharing options...
Bill Dalton Posted April 15, 2013 Share Posted April 15, 2013 Looks like it has been a problem for a while, http://support.godaddy.com/groups/go-daddy-customers/forum/topic/site-seal-incorrect-content-type/ Link to comment Share on other sites More sharing options...
barrystein Posted April 15, 2013 Author Share Posted April 15, 2013 Bill, Thanks for that. I have a support ticket sent into Godaddy... I will see what their response is... Looks like it has been a problem for a while, http://support.godad...t-content-type/ Link to comment Share on other sites More sharing options...
barrystein Posted April 15, 2013 Author Share Posted April 15, 2013 (edited) Bill, It is *not* the godaddy seal. Godaddy had me remove the seal code. When I do the ssl contact page still returns an error when it is refreshed... so it must be someother java script that is causing it... any ideas? I also tried removing the authorize.net seal as that disappears when java script is turned off as well, but with the code for that removed, I still get the error when I refresh the ssl contact page as well.... Bill, Thanks for that. I have a support ticket sent into Godaddy... I will see what their response is... This might be the problem. You can see this in Chrome by going to Tools > Developer Tools When that console opens, click the wheel icon on the bottom right for settings. In the General section disable Java Script. Now with that open go to your SSL Contact Page and refresh Bingo! with JS turned off the script for your SSL Seal from Godaddy doesn't fire and doesn't show on the Clean Page. Turn the JS back on and reload the page and you should be able to get the Seal to show once Clean, but the next refresh Dirty. This is the complaint from Google Chrome. Resource interpreted as Script but transferred with MIME type text/html: "https://seal.godaddy.com/getSeal?sealID=4VW4mW9NkWDcbThUk0IvyrWLyWjHc1qrWHnmM6TCbVzK9Xj1CtbArkP" Edited April 15, 2013 by barrystein (see edit history) Link to comment Share on other sites More sharing options...
Bill Dalton Posted April 16, 2013 Share Posted April 16, 2013 Found it! You were right, there is a bug in PS 1.4.9 Here is a work around, Go to BO > Modules > Analytics & Stats > Data mining for statistics v1.0 by PrestaShop Click on Configure Set Save page views for each customer to OFF. Truthfully this setting is not worth the increase it causes in the database. It will attempt to give you page information on current visitors Do do so it uses CPU and lots of Database space. That said. To fix the PS bug ... In your Prestashop > Modules > Statsdata, open Statsdata.php and find 2 instances of, $.post("'._PS_BASE_URL__.__PS_BASE_URI__.'statistics.php" First is about line 127 The second is around line 162 You need to add SSL_ to both lines. So, $.post("'._PS_BASE_URL_.__PS_BASE_URI__.'statistics.php" Is like this, $.post("'._PS_BASE_URL_SSL_.__PS_BASE_URI__.'statistics.php" 2 Link to comment Share on other sites More sharing options...
barrystein Posted April 16, 2013 Author Share Posted April 16, 2013 SOLVED: Bill you are a genius. I Set Save page views for each customer to OFF. I also did the same for plug ins. The SSL error is fixed.... and the site is much faster..... Thank you so much... Now if I could just figure out how to set this topic name to SOLVED.... Found it! You were right, there is a bug in PS 1.4.9 Here is a work around, Go to BO > Modules > Analytics & Stats > Data mining for statistics v1.0 by PrestaShop Click on Configure Set Save page views for each customer to OFF. Truthfully this setting is not worth the increase it causes in the database. It will attempt to give you page information on current visitors Do do so it uses CPU and lots of Database space. That said. To fix the PS bug ... In your Prestashop > Modules > Statsdata, open Statsdata.php and find 2 instances of, $.post("'._PS_BASE_URL__.__PS_BASE_URI__.'statistics.php" First is about line 127 The second is around line 162 You need to add SSL_ to both lines. So, $.post("'._PS_BASE_URL_.__PS_BASE_URI__.'statistics.php" Is like this, $.post("'._PS_BASE_URL_SSL_.__PS_BASE_URI__.'statistics.php" 1 Link to comment Share on other sites More sharing options...
vekia Posted April 16, 2013 Share Posted April 16, 2013 wow! very nice knowhow, thanks for sharing this solution, I am convinced that it will be really helpful for similar issues Link to comment Share on other sites More sharing options...
Samantha57820 Posted July 25, 2013 Share Posted July 25, 2013 I have the exact same issue in 1.5.3.1. I tried adding https to all applicable urls with no luck. I turned off the Data mining as suggested below but when I go to statsdata.php, the instances you mention are no where to be found. I'm assuming they were removed in 1.5?? Any idea??? Found it! You were right, there is a bug in PS 1.4.9 Here is a work around, Go to BO > Modules > Analytics & Stats > Data mining for statistics v1.0 by PrestaShop Click on Configure Set Save page views for each customer to OFF. Truthfully this setting is not worth the increase it causes in the database. It will attempt to give you page information on current visitors Do do so it uses CPU and lots of Database space. That said. To fix the PS bug ... In your Prestashop > Modules > Statsdata, open Statsdata.php and find 2 instances of, $.post("'._PS_BASE_URL__.__PS_BASE_URI__.'statistics.php" First is about line 127 The second is around line 162 You need to add SSL_ to both lines. So, $.post("'._PS_BASE_URL_.__PS_BASE_URI__.'statistics.php" Is like this, $.post("'._PS_BASE_URL_SSL_.__PS_BASE_URI__.'statistics.php" Link to comment Share on other sites More sharing options...
Samantha57820 Posted July 25, 2013 Share Posted July 25, 2013 I resolved my issue by going to whynopadlock.com and correcting all error url's it showed. Link to comment Share on other sites More sharing options...
vekia Posted July 25, 2013 Share Posted July 25, 2013 hello thanks for posting the url to this tool but i've got question, how it works ? i tried to put there some prestashop stores, and i havent got any list of errors (although, in fact, there are problems with ssl) Link to comment Share on other sites More sharing options...
Daniel - PrestaBR Posted August 8, 2013 Share Posted August 8, 2013 That's very tricky... Thanks! Link to comment Share on other sites More sharing options...
sikarep Posted September 4, 2014 Share Posted September 4, 2014 Hi all, It seems that we are getting the same kind of problem, running 1.6.0.8 and using the default-bootstrap theme, we have successfully installed an EV SSL certificate, on all browser, except Chrome, we are getting the green URL. On Chrome, we are getting the https lock with the yellow warning triangle and the message stating that some resources in the page are pointing to insecure pages... So, we have run the chrome inspector and it seems the pages have data submitted over HTTP for the search box and the Newsletter box... see the error messages we got for example for the contact-us page: The page at 'https://xxx.ch/contact-us' was loaded over HTTPS, but is submitting data to an insecure location at 'http://xxx.ch/search': this content should also be submitted over HTTPS. contact-us:165 The page at 'https://xxx.ch/contact-us' was loaded over HTTPS, but is submitting data to an insecure location at 'http://xxx.ch/': this content should also be submitted over HTTPS. contact-us:290 and same on on the quick-order page and so on any form pages The page at 'https://xxx.ch/quick-order' was loaded over HTTPS, but is submitting data to an insecure location at 'http://xxx.ch/search': this content should also be submitted over HTTPS. quick-order:169 The page at 'https://xxx.ch/quick-order' was loaded over HTTPS, but is submitting data to an insecure location at 'http://xxx.ch/': this content should also be submitted over HTTPS. quick-order:243 We have tried to force the entire site to use https, but the problem continues. I have checked if we had any images or css pointing to http, but definitively it seems to in the core of the prestashop template. Would appreciate any guidance! Thanks! Link to comment Share on other sites More sharing options...
sikarep Posted September 4, 2014 Share Posted September 4, 2014 we have added more info on this topic on another discussion, so not to duplicate it here further, please find the link here http://www.prestashop.com/forums/topic/355246-quick-search-block-module-provokes-unsecure-ssl/?p=1786812 Link to comment Share on other sites More sharing options...
snowlis Posted September 23, 2014 Share Posted September 23, 2014 Anyone have solved this problem? I'm having the same problem on my website in prestashop 1.5.6.2 Link to comment Share on other sites More sharing options...
Recommended Posts