WordPress.org

Ready to get started?Download WordPress

Forums

Sociable images not serving over SSL in my shopping cart checkout (9 posts)

  1. razorwriter
    Member
    Posted 4 years ago #

    I am troubleshooting this error on my shopping cart checkout page (with SSL cert):
    Connection Partially Encrypted
    Parts of the page you are viewing were not encrypted before being transmitted.
    Information sent over the Internet without encryption can be seen by other people while in transit.

    When I look at the code, the only includes that aren't HTTPS encrypted are Sociable and a link to Google hosted jQuery library.
    Anyone know why these aren't being secured properly?

    Also is there any way to disable Sociable, but just for my shopping cart and checkout pages? My shopping cart puts it's content on WP Pages so they show Sociable just like any other page.

  2. myktra
    Member
    Posted 4 years ago #

    Yes, this is a problem with many WordPress plugins I have encountered, including WP-Cufon and ShareThis. The experience is especially irritating for IE users who are interrupted with a dialog in addition to the typical warning icon.

    A recommendation to plug-in developers was made recently...you might want to check it out for the backstory.

    http://wordpress.org/support/topic/326061?replies=2

    The Google Analytics plug-in is a good example of how to do it right...it uses a WordPress API (wp_enqueue_script) to serve its JS, and the Google JS itself encodes its own external link references to ensure content is served over HTTPS is an SSL environment. But there are still plugins like ShareThis that download resources from its own servers...and it's unclear whether you can fetch those over an SSL connection as well.

    I have tried the HTTPS for WordPress plugin and sadly it won't fix the mistakes made by plugin developers. Sounds like the only immediate workaround is to hack any bad-behaving plugin scripts.

  3. sociable
    Member
    Posted 4 years ago #

    rozorwriter: rozorwriter: There's no provided mechanism to mix SSL and non SSL elements in the plugin, as it gets the image URL prefix from the site's URL and wordpress configuration.

  4. razorwriter
    Member
    Posted 4 years ago #

    Hey Sociable,
    As the plugin developer, can you take a look at the link referenced in the post before yours? You could at least use code that checks for https as mentioned.

  5. razorwriter
    Member
    Posted 4 years ago #

    i'd like to hack this myself but I don't have much PHP knowledge. Can someone tell me if I have this right? I feel like it's missing something.

    Original Sociable variable:

    $sociablepluginpath = WP_CONTENT_URL.'/plugins/'.plugin_basename(dirname(__FILE__)).'/';

    Version which checks for HTTPS as mentioned in link above:

    $sociablepluginpath = (empty($_SERVER['HTTPS'])) ? WP_CONTENT_URL.'/plugins/' : str_replace("http://", "https://", WP_CONTENT_URL.'/plugins/');
  6. myktra
    Member
    Posted 4 years ago #

    here's an alternative version i've used on a different plugin; i wrote a function for it:


    function url_sslize($value) {
    return (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? str_replace('http://', 'https://', $value) : $value;
    }

    i might be wrong, but i think this covers a special case when running your WordPress install on Windows/IIS - if you were that crazy ;) it could also be a bit more foolproof and only replace the protocol if it appears at the start of the string.

  7. sociable
    Member
    Posted 4 years ago #

    razorwriter: We have taken note of your issue for a future release.

    Regards.

  8. ssteiner
    Member
    Posted 3 years ago #

    I am experiencing this problem in my main WordPress login. There is a mixture of SSL and non-SSL content even with :

    define('FORCE_SSL_ADMIN', true);
    define('FORCE_SSL_LOGIN', true);

    in my wp-config.php.

    I am on wordpress 3.0.1.

    S

  9. ssteiner
    Member
    Posted 3 years ago #

    I just hunted this down and, in my case, only "wp-includes/js/jquery.js" is being pulled in over http://, everything else is https://

    I'm guessing there's a missing site_url call before one of the includes but I haven't yet tracked it down.

    S

Topic Closed

This topic has been closed to new replies.

About this Topic