• We found out after enabling SSL on our site that the plug-in breaks HTTPS. The file ajax-search-lite/includes/views/asl.shortcode.php has hard-coded values for the SVG entries set to http. We changed them to https, and this fixed it, but a better solution would be to use // in place of http:// so that sites with mixed mode will dynamically load what is needed without breaking SSL. You can test this by enabling the plugin on a site with SSL and then using “Why No Padlock” to test the site.

    It won't hurt anything to hard-code https, but it will for http when a site is using only SSL.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author wpdreams

    (@wpdreams)

    Hi,

    Thank you for letting me know!

    I will have to check if that does not break the validity of the SVG records though. As far as I knew, the xmlns and xlink attributes were not affecting the SSL protocol in any way. Interestingly, this issue has not been reported yet, and my test server does work with HTTPS enabled, so I’m not sure why it breaks on your end. Perhaps there is something I am not aware of, probably a certificate-related thing.

    Anyways, I have noted this, and will remove or replace these attributes for the upcoming release.

    Thread Starter DigiP

    (@digip)

    Yes, if you have SSL enabled and it loads them with HTTP, it breaks the lock icon for me in Opera. You can use whynopadlock(.)com to test your site(s); after some digging, I was able to see that it was an SVG image from the plug-in that caused this. As soon as I changed it, the green lock showed in my browser and the site also passed the Why No Padlock test.

    Thread Starter DigiP

    (@digip)

    By the way, w3 supports SSL, or this would (or should) also make it fail if it didn’t already support https.

    Plugin Author wpdreams

    (@wpdreams)

    Neat, then I can safely replace them.

    I think this has something to do with Cloudflare, which I use on most of the servers. Even whynopadlock reports that the SSL and Mixed content test passes for some reason, even though there is the same svg in the source: https://i.imgur.com/hALSl1h.png

    Anyways, thank you for the info, I will fix this in the upcoming release.

  • The topic ‘Hard coded HTTP entries in asl.shortcode.php’ is closed to new replies.
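
Added example, not part of the thread or the plugin's code: a small Python check that scans markup for `http://` attribute values and separates URLs a browser actually fetches (the source of mixed-content warnings on an HTTPS page) from XML namespace identifiers such as `xmlns` and `xmlns:xlink`, which are names and are never requested. The attribute list is a deliberately small subset, and the sample markup and `example.test` hosts are constructed.

```python
from html.parser import HTMLParser

# (tag, attribute) pairs whose URL the browser requests as a subresource.
# Subset chosen for this example; extend for your own markup.
FETCHING = {
    ("img", "src"), ("script", "src"), ("iframe", "src"), ("source", "src"),
    ("audio", "src"), ("video", "src"), ("embed", "src"), ("object", "data"),
    ("image", "href"), ("image", "xlink:href"), ("use", "href"), ("use", "xlink:href"),
}
# <link href> is only fetched for some rel values (subset, assumption).
FETCHING_RELS = {"stylesheet", "icon", "preload"}

class MixedContentScanner(HTMLParser):
    """Sort http:// attribute values into fetched URLs and namespace names."""
    def __init__(self):
        super().__init__()
        self.fetched = []     # (tag, attr, url): mixed content on an HTTPS page
        self.namespaces = []  # (tag, attr, url): identifiers only, not requested

    def handle_starttag(self, tag, attrs):
        attr_map = {k: (v or "") for k, v in attrs}
        for name, value in attr_map.items():
            if not value.lower().startswith("http://"):
                continue
            if name == "xmlns" or name.startswith("xmlns:"):
                self.namespaces.append((tag, name, value))
            elif (tag, name) in FETCHING:
                self.fetched.append((tag, name, value))
            elif tag == "link" and name == "href":
                rels = set(attr_map.get("rel", "").lower().split())
                if rels & FETCHING_RELS:
                    self.fetched.append((tag, name, value))
            # <a href="http://..."> is navigation, not a subresource: ignored.

def scan(markup):
    scanner = MixedContentScanner()
    scanner.feed(markup)
    scanner.close()
    return scanner.fetched, scanner.namespaces

# Constructed sample: an inline SVG with namespace declarations plus real loads.
SAMPLE = """
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
  <image xlink:href="http://cdn.example.test/icon.png" width="16" height="16"/>
</svg>
<img src="https://example.test/logo.png">
<script src="http://example.test/app.js"></script>
<a href="http://example.test/about">About</a>
"""

if __name__ == "__main__":
    fetched, namespaces = scan(SAMPLE)
    print("fetched over http:", fetched)
    print("namespace identifiers:", namespaces)
```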