Forces page to SSL, but not images/other elements on page
Permalink Browser Info Environment
I added this attribute to a page, and the page does successfully force to https:. But the page contains many insecure (unsecure?) items. For example, images in the theme folder and .css and .js files from an addon folder are all served from http:
For example, Firebug gives these 2 messages:
Loading mixed (insecure) display content on a secure page
"http://www.xxxxx.xxx/themes/xxx/images/header.bg.png"
Blocked loading mixed active content "http://www.xxxxx.xxx/packages/forms_with_paypal_payment/blocks/form_with_paypal_payment/jquery-ui-1.8.18.custom.css"
Is there something else I need to do to make sure all the content on the page is served from https:?
Otherwise, it doesn't really serve the purpose.
If anyone has encountered this previously and solved it, I would appreciate any help.
Thanks much!
Tim
For example, Firebug gives these 2 messages:
Loading mixed (insecure) display content on a secure page
"http://www.xxxxx.xxx/themes/xxx/images/header.bg.png"
Blocked loading mixed active content "http://www.xxxxx.xxx/packages/forms_with_paypal_payment/blocks/form_with_paypal_payment/jquery-ui-1.8.18.custom.css"
Is there something else I need to do to make sure all the content on the page is served from https:?
Otherwise, it doesn't really serve the purpose.
If anyone has encountered this previously and solved it, I would appreciate any help.
Thanks much!
Tim
| Type: | Discussion |
|---|---|
| Status: | New |
I would also like to know how to force all page elements to HTTPS, otherwise the page still appears to not be secure.
You don't 'Force' all elements on a page to be secure. You code the site correctly to work on secure or non-secure pages. All limks should be relative links. External links can either use '//' as the protocol, or should detect the protocol and use the correct one.
ForceSSL cannot and does not address this issue. It is an issue for the developer to address.
However, having said all of that, if you send me a link to the site in question, I'll be happy to take a look and offer advice on how best to code the page in question.
Jon
ForceSSL cannot and does not address this issue. It is an issue for the developer to address.
However, having said all of that, if you send me a link to the site in question, I'll be happy to take a look and offer advice on how best to code the page in question.
Jon
Thanks. That makes sense. Right now we're not even able to test the Force SSL at all because when we turn it on, it's going to HTTP. Even if I type in HTTPS:// it changes it back to HTTP://. I uninstalled the Force SSL block yesterday to see what that would do and it stopped changing it to HTTP - I was able to type in HTTPS and it stay that way. Please let me know the best way to avoid it doing this. My site is in a sub directory right now for testing if that helps.
Could you provide a URL and your environment info to help me debug?
Jon
Jon
Thanks. I just sent you a PM with that info.