DarthVader Posted July 27, 2003 Posted July 27, 2003 Hi, OK, I know there has been a thousand posts on this but there is still not one definitve answer. I run my own Win2K server, IIS5 and a dedicated SSL certificate. (Please no 'use Apache only') HTTPS is on. Configure.php is correct etc. Interstingly, if I chose 'no' to 'do you wish to display nonsecure items' everything still appears so I can't tell what image or text is causing the problem. I tried the suggestion to swop HTTP and HTTPS in each required php file and that kind of worked BUT the padlock does NOT display. So what is the fix?? Anyone any new ideas? Thanks.
DarthVader Posted July 27, 2003 Author Posted July 27, 2003 I have just looked at the IIS log and it seems the 2 offenders when switching to https are stylesheet.css and test.jpg (the image I replaced oscommerce.gif in the top left corner). So how can I get these 2 files to be seen as secure?? Thanks for any help ..it would be trul appreciated.
stretchr Posted July 27, 2003 Posted July 27, 2003 Hi, OK, I know there has been a thousand posts on this but there is still not one definitve answer. I run my own Win2K server, IIS5 and a dedicated SSL certificate. (Please no 'use Apache only') ... So what is the fix?? Anyone any new ideas? Thanks. FWIW, I am using Apache and getting the same error messages. I even went one step further and saved the view source from the page when I choose to display the insecure items and then saved the view source from the page when I choose NOT to display. I diff'd both with Beyond Compare and they are IDENTICAL! How can that be so? Hope someone here has some ideas. Thanks, Stretchr "It's a small world... But I wouldn't want to paint it!" Stephen Wright
Guest Posted July 27, 2003 Posted July 27, 2003 You probably put an image as background in your stylesheet like this url(images/coureur-index.gif) now try changing your path to url(https://yourdomain.com/images/coureur-index.gif) HTH The_Beasr
DarthVader Posted July 27, 2003 Author Posted July 27, 2003 You probably put an image as background in your stylesheet like this url(images/coureur-index.gif) now try changing your path to url(https://yourdomain.com/images/coureur-index.gif) HTH The_Beasr For my part, I do not have a background image in the stylesheet nor any reference to an image in that file. I can't understand why everything still appears on the webpage whether you choose to view secure or nonsecure. I am going to concentrate on the 'oscommerce.gif' image in the top left that is referred to in header.php. It must not be called from a secure area for some reason. Does anyone know what the numbers mean at the end of each of the IIS logfile entries e.g 304, 403 502 etc? When I choose 'No' to 'do you want to display the nonsecure items' the page appears with everything there AND the padlock. When I choose "yes', the page appears WITHOUT the padlock. I would have thought it would be the other way around?? Anyone any ideas what in the name of sam is going on?
stretchr Posted July 27, 2003 Posted July 27, 2003 You probably put an image as background in your stylesheet like this... Nope. No image in stylesheets. As with the post by DarthVader, everything shows up no matter which choice I make. It's simply an unnecessary annoyance at this point. One I would dearly like to get rid of! Thanks for the taking time to reply. Cheers, Stretchr "It's a small world... But I wouldn't want to paint it!" Stephen Wright
Guest Posted July 27, 2003 Posted July 27, 2003 you have a number of images with a non relative path e.g. <TD ROWSPAN=2> <IMG SRC="/images/header_01.jpg" WIDTH=418 HEIGHT=120 ALT=""></TD> <TD> <IMG SRC="/images/hosting.jpg" WIDTH=296 HEIGHT=53 ALT=""></TD> <TD> <IMG SRC="/images/header_03.jpg" WIDTH=86 HEIGHT=53 ALT=""></TD> you need to remove the leading /
DarthVader Posted July 27, 2003 Author Posted July 27, 2003 Hi Meltus, While file would contain these entries? I can't find this.
Guest Posted July 27, 2003 Posted July 27, 2003 i was responding to strechrs post. You haven't posted a URL so I can't see what is causing your problem
DarthVader Posted July 27, 2003 Author Posted July 27, 2003 Looking at stretchr's site, I can't see what the problem is. I go to cart contents or checkout and the padlock appears no problem and no prompt. Am I the only one to have this problem? I can't believe that - it must be something simple!
Guest Posted July 27, 2003 Posted July 27, 2003 if you make sure all your references to images are relative or you use tep_image to call them you will be fine. i.e. <img src='test.jpg'> rather than <img src="/test.jpg"
DarthVader Posted July 27, 2003 Author Posted July 27, 2003 if you make sure all your references to images are relative or you use tep_image to call them you will be fine. i.e. <img src='test.jpg'> rather than <img src="/test.jpg" All references to image are tep_image and all display whether secure or nonsecure. Anything left to check?
Guest Posted July 27, 2003 Posted July 27, 2003 when you view source what does the image tag say for test.jpg?
DarthVader Posted July 27, 2003 Author Posted July 27, 2003 when you view source what does the image tag say for test.jpg? https://www.mydomain.com/images/test.jpg
stretchr Posted July 27, 2003 Posted July 27, 2003 you have a number of images with a non relative pathe.g. <TD ROWSPAN=2> <IMG SRC="/images/header_01.jpg" WIDTH=418 HEIGHT=120 ALT=""></TD> <TD> <IMG SRC="/images/hosting.jpg" WIDTH=296 HEIGHT=53 ALT=""></TD> <TD> <IMG SRC="/images/header_03.jpg" WIDTH=86 HEIGHT=53 ALT=""></TD> you need to remove the leading / Sorry. When you look at View Source, it shows the full path and all of those are https. You're saying if I put the secure URL instead of the relative path, that may take care of my problem? I'll give it a try. Thanks. Cheers, Stretchr "It's a small world... But I wouldn't want to paint it!" Stephen Wright
Guest Posted July 27, 2003 Posted July 27, 2003 Sorry. When you look at View Source, it shows the full path and all of those are https. You're saying if I put the secure URL instead of the relative path, that may take care of my problem? no, you need it to be relative to the base url. some of your images have a leading slash - hence they are not relative. <TD ROWSPAN=2> <IMG SRC="/images/header_01.jpg" WIDTH=418 HEIGHT=120 ALT=""></TD> <TD> <IMG SRC="/images/hosting.jpg" WIDTH=296 HEIGHT=53 ALT=""></TD> <TD> <IMG SRC="/images/header_03.jpg" WIDTH=86 HEIGHT=53 ALT=""></TD> should be <TD ROWSPAN=2> <IMG SRC="images/header_01.jpg" WIDTH=418 HEIGHT=120 ALT=""></TD> <TD> <IMG SRC="images/hosting.jpg" WIDTH=296 HEIGHT=53 ALT=""></TD> <TD> <IMG SRC="images/header_03.jpg" WIDTH=86 HEIGHT=53 ALT=""></TD> and darthvader: if that is what the image tag says then that one is secure. in your logs you say it shows as insecure, so no idea on that one. In general look through your view source - check the base url is correct, and then make sure all the image references are relative to it (or the full URL).
DarthVader Posted July 27, 2003 Author Posted July 27, 2003 Nice one Meltus! You hit the nail on the head when you saw that it was an image causing the problem and in my case it was - well a Flash SWF file. The entry in my header.php included the following: <td valign="right"><OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=5,0,0,0" The codebase URL was unsecure - that was the problem! So I changed it from http to https and voila - padlock up on every https page and no more messages. OK everyone, I know this problem is common out there so if you do have have a flash file in your website and it appears in your secure pages - make sure you refer to Macromedia on https and NOT http. Thanks again Meltus!
stretchr Posted July 27, 2003 Posted July 27, 2003 some of your images have a leading slash - hence they are not relative. <TD ROWSPAN=2> <IMG SRC="/images/header_01.jpg" WIDTH=418 HEIGHT=120 ALT=""></TD> <TD> <IMG SRC="/images/hosting.jpg" WIDTH=296 HEIGHT=53 ALT=""></TD> <TD> <IMG SRC="/images/header_03.jpg" WIDTH=86 HEIGHT=53 ALT=""></TD> should be <TD ROWSPAN=2> <IMG SRC="images/header_01.jpg" WIDTH=418 HEIGHT=120 ALT=""></TD> <TD> <IMG SRC="images/hosting.jpg" WIDTH=296 HEIGHT=53 ALT=""></TD> <TD> <IMG SRC="images/header_03.jpg" WIDTH=86 HEIGHT=53 ALT=""></TD> O.K. I've changed all of them but I'm still getting the warning. I also had one in the footer that I changed. Any other ideas? BTW, thanks for lending a hand. Cheers, Stretchr "It's a small world... But I wouldn't want to paint it!" Stephen Wright
DarthVader Posted July 27, 2003 Author Posted July 27, 2003 Hi Stretchr, Do you have ANY reference to any external URL in any of your pages? If so the old flash trick applies here likewise - change all URLs commencing http to https.
stretchr Posted July 28, 2003 Posted July 28, 2003 Hi Stretchr, Do you have ANY reference to any external URL in any of your pages? If so the old flash trick applies here likewise - change all URLs commencing http to https. I've done a couple of Finds with Dreamweaver so if they're there, I haven't been able to find any. "It's a small world... But I wouldn't want to paint it!" Stephen Wright
Guest Posted July 28, 2003 Posted July 28, 2003 you have a styleshhet reference that is not relative <link href="/style/stylesheet.css" rel="stylesheet" type="text/css">
stretchr Posted July 30, 2003 Posted July 30, 2003 you have a styleshhet reference that is not relative <link href="/style/stylesheet.css" rel="stylesheet" type="text/css"> Found it. Thanks. Unfortunately, still no joy. "It's a small world... But I wouldn't want to paint it!" Stephen Wright
stretchr Posted August 1, 2003 Posted August 1, 2003 i get a padlock on my screen i get a padlock on my screen I know. I'm just still getting the secure/unsecure error. Just put a cert on here today and I'm trying to get that Security Check mod to work but for now, I'm having to live with the images error. I am also getting an error now about the SupportLive logo but I'm not concerned about that. Arrrrgggggg! This is FRUSTRATING! :crazy: "It's a small world... But I wouldn't want to paint it!" Stephen Wright
stretchr Posted August 1, 2003 Posted August 1, 2003 i get a padlock on my screen I used the Check Secure mod and there were no config errors and no images listed as being problematic. Any suggestions on how to resolve this issue? If not, should I start a new thread or post this somewhere else to get help? This is truly frustrating! Cheers, Stretchr "It's a small world... But I wouldn't want to paint it!" Stephen Wright
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.