Title: ajax captcha image broken by https admin-ajax url
Last modified: August 30, 2016

---

# ajax captcha image broken by https admin-ajax url

 *  Resolved [jeff@exitshoes.com](https://wordpress.org/support/users/jeffexitshoescom/)
 * (@jeffexitshoescom)
 * [10 years, 8 months ago](https://wordpress.org/support/topic/ajax-captcha-image-broken-by-https-admin-ajax-url/)
 * Is there a way for cforms2 to generate a protocol-independent captcha image?
   Is there some aspect of cforms admin-ajax that should be protected by https?
 * My users access my contact form using **http**, but cforms creates an **https**
   url referring to my site to create the captcha image. Most browsers generate 
   a silent ssl error because the site is “untrusted” and this results in a broken
   captcha image.
 * I use https to administer my site, but I’m using a self-signed certificate. cforms.php
   sets the url for admin-ajax to the admin url of the site:
    `'url' => admin_url('admin-ajax.php'),`
 * Since my admin is over https, the url is: **https:**//<site>/wp-admin/admin-ajax.php?action=cforms2_reset_captcha&_wpnonce=nnnnnn
 * The above url is untrusted and in most cases silently ignored.
 * I fixed this for now in cforms.php using
    `'url' => site_url('/wp-admin/admin-ajax.php'),`
 * The image is how I noticed it, but would silently discarding an untrusted ajax
   url cause other failures where the admin is using https with a self-signed certificate?
 * Jeff
 * [https://wordpress.org/plugins/cforms2/](https://wordpress.org/plugins/cforms2/)

Viewing 1 replies (of 1 total)

 *  Plugin Author [bgermann](https://wordpress.org/support/users/bgermann/)
 * (@bgermann)
 * [10 years, 3 months ago](https://wordpress.org/support/topic/ajax-captcha-image-broken-by-https-admin-ajax-url/#post-6519478)
 * As the admin_url is aware of your HTTPS configuration and if you force admin 
   requests to be delivered via HTTPS, the current behaviour is expected. I will
   not change it as you can get by via configuration. It would rule out the supposed
   config.
 * cformsII makes use of the Ajax API at some other places (e.g. Ajax form submission),
   but you would probably notice.
 * By the way: there are three CAs that provide free certificates that are recognised
   by common browsers: WoSign, StartCom and Let’s Encrypt. Why not just get a cert
   from them?
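
A stand-alone PHP model of the scheme choice discussed in this thread, added here as an illustration; it is not code from cformsII or WordPress and not part of either post. The `model_*` names and the `example.test` host are hypothetical, and the logic is a simplified assumption of how WordPress picks a URL scheme when admin requests are forced to HTTPS.

```php
<?php
// Simplified stand-alone model of WordPress URL scheme selection.
// Assumption-level sketch: it does not load WordPress.
//   $requestIsSsl  ~ is_ssl() for the page currently being served
//   $forceSslAdmin ~ force_ssl_admin(), i.e. FORCE_SSL_ADMIN in wp-config.php
function model_scheme(?string $scheme, bool $requestIsSsl, bool $forceSslAdmin): string
{
    if ($scheme === 'admin') {
        // admin_url() requests the 'admin' scheme: HTTPS whenever the admin
        // area is forced to SSL, even if the visitor's page came over HTTP.
        return ($requestIsSsl || $forceSslAdmin) ? 'https' : 'http';
    }
    if ($scheme === 'http' || $scheme === 'https' || $scheme === 'relative') {
        return $scheme; // an explicit scheme is honoured as given
    }
    // Default, as site_url() behaves with no scheme: follow the current request.
    return $requestIsSsl ? 'https' : 'http';
}

function model_url(string $host, string $path, ?string $scheme,
                   bool $requestIsSsl, bool $forceSslAdmin): string
{
    $resolved = model_scheme($scheme, $requestIsSsl, $forceSslAdmin);
    // A relative URL carries no scheme or host; the browser reuses the page's own.
    return $resolved === 'relative' ? $path : $resolved . '://' . $host . $path;
}

$host = 'example.test';             // constructed host name
$path = '/wp-admin/admin-ajax.php';

// Each case: [front-end request over SSL?, admin forced to SSL?]
foreach ([[false, true], [true, true], [false, false]] as [$ssl, $force]) {
    printf("request=%s FORCE_SSL_ADMIN=%s\n",
        $ssl ? 'https' : 'http', $force ? 'on' : 'off');
    printf("  admin_url-style: %s\n", model_url($host, $path, 'admin', $ssl, $force));
    printf("  site_url-style:  %s\n", model_url($host, $path, null, $ssl, $force));
    printf("  relative:        %s\n", model_url($host, $path, 'relative', $ssl, $force));
}
```

The first case is the one reported above: an HTTP page receives an HTTPS admin-ajax URL, so the browser must validate the certificate before it will load the captcha image.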


The topic ‘ajax captcha image broken by https admin-ajax url’ is closed to new replies.

 * 1 reply
 * 2 participants
 * Last reply from: [bgermann](https://wordpress.org/support/users/bgermann/)
 * Last activity: [10 years, 3 months ago](https://wordpress.org/support/topic/ajax-captcha-image-broken-by-https-admin-ajax-url/#post-6519478)
 * Status: resolved