Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Internet Explorer Non-Secure Images but...


ninthvector

Recommended Posts

Internet Explorer 6 and 7 are both giving the non-secure warning when you go to checkout, but the site is set up as both http and https (Plesk share secure and non-secure) with an SSL. Firefox works just fine and displays the SSL correctly, but the IE's want to call the images from http instead of https (which on this server is the same thing).

I used suggestions from another post and used the full path:

  define('HTTP_SERVER', 'http://mydomain.com'); // eg, [url="http://localhost"]http://localhost[/url] - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://mydomain.com'); // eg, [url="https://localhost"]https://localhost[/url] - should not be empty for productive servers
 define('ENABLE_SSL', true); // secure webserver for checkout procedure?
 define('ENABLE_SSL_CATALOG', true);
 define('HTTP_COOKIE_DOMAIN', 'mydomain.com');
 define('HTTPS_COOKIE_DOMAIN', 'mydomain.com');
 define('HTTP_COOKIE_PATH', '/catalog/');
 define('HTTPS_COOKIE_PATH', '/catalog/');
 define('DIR_WS_HTTP_CATALOG', '/catalog/');
 define('DIR_WS_HTTPS_CATALOG', '/catalog/');
 define('DIR_WS_IMAGES', 'https://mydomain.com/catalog/images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

Any suggestions as to why this isn't working?

Link to comment
Share on other sites

Internet Explorer 6 and 7 are both giving the non-secure warning when you go to checkout, but the site is set up as both http and https (Plesk share secure and non-secure) with an SSL. Firefox works just fine and displays the SSL correctly, but the IE's want to call the images from http instead of https (which on this server is the same thing)... Any suggestions as to why this isn't working?

As far as I know the following should work:

  define('HTTP_SERVER', 'http://mydomain.com'); // eg, [url="http://localhost"]http://localhost[/url] - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://mydomain.com'); // eg, [url="https://localhost"]https://localhost[/url] - should not be empty for productive servers
 define('ENABLE_SSL', true); // secure webserver for checkout procedure?
 define('ENABLE_SSL_CATALOG', true);
 define('HTTP_COOKIE_DOMAIN', 'mydomain.com');
 define('HTTPS_COOKIE_DOMAIN', 'mydomain.com');
 define('HTTP_COOKIE_PATH', '/catalog/');
 define('HTTPS_COOKIE_PATH', '/catalog/');
 define('DIR_WS_HTTP_CATALOG', '/catalog/');
 define('DIR_WS_HTTPS_CATALOG', '/catalog/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

You could try changing the config back to be like the above and then use Firefox Tools->Page Info (Ctrl-I) and click the Media tab to see exactly what images are being requested as http and/or https. It may be that just one image is the offender. Perhaps there's a similar way to list the image files in IE (booted in Linux so can't check just now), but Firefox and IE should in theory be requesting exactly the same files. Could it be that one of the contributions you're using is doing something a bit naughty with images?

 

Do you make use of CSS and/or style sheets that use background images? That could also be a potential culprit?

Link to comment
Share on other sites

You could try changing the config back to be like the above and then use Firefox Tools->Page Info (Ctrl-I) and click the Media tab to see exactly what images are being requested as http and/or https.

 

Do you make use of CSS and/or style sheets that use background images? That could also be a potential culprit?

 

I checked it and images are being called as http://www., https://, and http://

The site does use CSS and background images and some of the image files being called in html are using full paths (ie http://www.mydomain.com/catalog/img.jpg) Will I need to go through the html and css and change all of these? Thank you so much for your quick reply and insight, failsafe.

Link to comment
Share on other sites

in the link that you referenced this remedy was suggested:

kay I think I've found the culprit for all you win32 people that are having a problem with the ssl giving you that warning about displaying nonsecure etc when switching over to secure page.

The culprit is the "getenv('HTTPS')" for the

<base href="<?php echo (getenv('HTTPS') == 'on' ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">

on all the various pages. Apparently if you use the sapi/isapi php module for apache OR IIS, then the getenv() function does not work. I found this out with my dealings with displaying the parse times on the bottom of the page.

Simply do a search for
getenv('HTTPS')
and replace with
$_SERVER["HTTPS"]

 

Unfortunately it didn't fix the issue and the IE's are still erroring out:

This page contains both secure and nonsecure items. Do you want to display the nonsecure items?

Link to comment
Share on other sites

I checked it and images are being called as http://www., https://, and http://

The site does use CSS and background images and some of the image files being called in html are using full paths (ie http://www.mydomain.com/catalog/img.jpg) Will I need to go through the html and css and change all of these? Thank you so much for your quick reply and insight, failsafe.

In short, yes! :)

 

You should make the CSS background images not reference the protocol (http: or https:). You could still use absolute paths if your SSL and NonSSL root directories are the same, which it sounds like they are in your case... i.e. you could start the background image url paths in the CSS file using a leading / from web server root directory (not the UNIX root directory). Otherwise you'd have to use relative paths to the image files.

 

I assume these image files are part of your osCommerce directory structure and are not elsewhere on someone else's website? If they are elsewhere then you'd need to copy them to implement the above.

 

See if that fixes your problem.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...