Browser SSL Security Warning

I just found out from one of my customers today that she is getting a security warning when she tries to see her cart in my site. She is using Internet Explorer and is getting pop up windows asking her if she wants to view only secure content. However, once it comes up on the cart page once it displays for all the pages.



I’m working in Firefox and am not seeing the warning so I had no clue it was there. But when I went to investigate I found that it shows in some variation in both Chrome and Safari, but not in Opera. The warning says the SSL cert is good, but other parts of the page may be unsecure. Very alarming to read that for most customers.



I had a sideblock with AddThis script in it which I took off. Helped on some of the browsers, but not on Chrome or IE8.



Does anyone have some ideas what else might be causing this? I’d like to figure out how to get rid of it as I want to put AddThis back on and because I still have it showing so something else is there, and just so I don’t inadvertently add something in future that will cause it again.



Thanks,



Jodi

You are probably getting it on all pages if you have the settings on staying on https after entering an https page.



Check all your external js, links and images and make sure they are all https on the checkout page, and probably disable the function as described on top.

A default installation of Internet Explorer has some security settings that can be annoying at times, though technically they are the correct way to have things configured. One that will pop up a lot if the default settings are left untouched is the display of “mixed content”, or displaying an HTTPS URL that has HTTP content mixed into it. Technically, when visiting a secure webpage being delivered over SSL there should not be any HTTP items on the page, as it leaves the door open for a security breach. The problem is there are a ton of web sites out there that display mixed content.



Error message in IE 7 and earlier:

“This page contains both secure and nonsecure items”

Error message in IE 8:

“Do you want to view only the webpage content that was delivered securely?”



This problem arises when an https-enabled page includes http content like images. Different browsers and browser versions provide varying security alerts.

This prompt can either be disabled to never ask and at the same time never show non secure content on secure pages or you can enable the ability for the browser to display mixed content on secure pages.



To disable the display of mixed content prompt go to:

  1. Internet Options > Tools in the top navigation and select Internet Options from the drop down
  2. Custom Level Security: Now click on the Security tab and then click the Custom Level button near the bottom of the Security tab
  3. Modify Mixed Content Prompt: Scroll down to the Miscellaneous section where you can select Disable, Prompt, or Enable for the “Display mixed content” option as shown in the below image
  4. Save Settings: Once you have made your selection click the OK button, then the Apply button, and then the OK button to close Internet Options.

Restart your browser for the changes to start working. You will no longer get the prompt if you changed to Disable or Enable; however, if Disable was selected, some pages may be missing images or other objects. If you did select Disable, know that you made the correct choice when it comes to being secure online.



For web site owners with SSL (HTTPS) sites

This happens when some part of the webpage tries to load content from a nonsecured source of another webpage. This content could be JavaScripts, images and/or even frames within the webpage.

Example:

If you look at the source code for a secure webpage (address bar contains https:// in the beginning).

This tag in a secured website may cause the error message to display. If you click on ‘No’, the website will still be secured, however the image may not display to keep the website secured. When you are dealing with an entire frame or even the CSS (Cascading Style Sheet) being pulled from another place that is unsecured, clicking on ‘No’ will completely distort the webpage. There are a few solutions to try when fixing this, however as the possibilities are endless, this article will only focus on the above string to give the reader an idea on what could be causing the issue.

Solution 1 - Change the links to https://

Whenever you see http:// in the source code, you should change it to https://

This method however may not work if the webpage that the image is being loaded from does not have an SSL Certificate installed on it. This method also loads the SSL images when the client is loading from a nonsecure page. This will provide a longer processing load on both the client and the server meaning that solution 1 is not recommended for a high volume site.

Solution 2 - Change all the links to //

Instead of changing the source code from http:// to https://, change them to just //

Solution 3 - Make the links relative

Providing that all the images, css files, js etc. are located within the same domain, you can access them relatively, rather than absolutely.

Thank you Moka and Indy. I’ll take a look at your suggestions and see what I can do with this now.

Did you ever figure this one out?



We had the same problem and found out it was a newsletter that was pointing off the site. But what was odd is we took the script out, but it took a full 24 hours for the browser to no longer throw errors.

[quote name=‘LarryU’]Did you ever figure this one out?



We had the same problem and found out it was a newsletter that was pointing off the site. But what was odd is we took the script out, but it took a full 24 hours for the browser to no longer throw errors.[/quote]

Hi, did you clear your browser cache?

Some code, I think, is bad for SSL security. I am not getting the same error in Chrome and Explorer, but I get it in Firefox. The latest version has a small mistake, I guess. I uninstalled the program and re-downloaded Firefox. s category pages can not see where we stopped.

[quote name=‘crazyshark20’]some code i think is to bad for ssl security. I am not getting the same error in chrome and explorer. but I get in firefox.[/quote]

CS-Cart code regarding SSL (https coding) is ok and doesn’t make any problems. The only problem could be:


  • the certificate (not compatible for some browsers)
  • your server settings
  • or the certificate isn’t installed correctly

I had a friend in different cities in the testing site. Some also gave the same error. There is no problem with some friend.

The biggest cause of this is having some images added that use a full URL rather than a relative one. This causes it to be insecure data and the browser is doing exactly what it should be doing.



Do a “view source” of the cart page when you are in https. Then do a search in the source for ‘http:’. If you find any, you’ve found your culprit.
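
An added example, not part of the original thread: a scripted version of the “view source and search for http:” check that goes one step further than a text search by ignoring ordinary `<a href>` links and reporting only tags the browser actually fetches. The tag list, the active/passive labels and every hostname in the sample page are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Tag -> attribute whose URL the browser fetches while rendering the page.
SUBRESOURCE_ATTRS = {"img": "src", "script": "src", "iframe": "src",
                     "frame": "src", "embed": "src", "object": "data",
                     "link": "href"}
# These can rewrite the page ("active"); images only display ("passive").
ACTIVE_TAGS = {"script", "iframe", "frame", "embed", "object"}

class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, kind, url)

    def handle_starttag(self, tag, attrs):
        attr = SUBRESOURCE_ATTRS.get(tag)
        if attr is None:
            return  # <a href="http://..."> is a link, not a load
        attrs = dict(attrs)
        url = (attrs.get(attr) or "").strip()
        if not url.lower().startswith("http://"):
            return  # https://, //host/path and relative URLs are fine
        kind = "active" if tag in ACTIVE_TAGS else "passive"
        if tag == "link":
            rel = (attrs.get("rel") or "").lower().split()
            if "stylesheet" in rel:
                kind = "active"
            elif "icon" not in rel:
                return  # rel=canonical etc. is a reference, never fetched
        self.findings.append((self.getpos()[0], tag, kind, url))

def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample of an https cart page; all hosts are placeholders.
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="http://shop.example/skins/styles.css">
<link rel="canonical" href="http://shop.example/cart">
<script src="http://widgets.example/share.js"></script>
</head><body><a href="http://partner.example/">Partner</a>
<img src="http://shop.example/images/logo.png">
<img src="images/banner.png"><img src="//cdn.example/b.png">
<iframe src="http://news.example/signup"></iframe>
</body></html>"""

for finding in find_mixed_content(SAMPLE_PAGE):
    print("line %d: <%s> %s mixed content: %s" % finding)
```

This only inspects the HTML as served; resources pulled in later by scripts or from inside CSS files will not show up here and still need checking in the browser.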