Having ssl insecure page items? Here's the fix

  • jhnpldng

    (@jhnpldng)


    8 years, 9 months ago

    I like this plugin but it’s not ssl compatible but can be fixed because all the social platforms are https now so it’s just a matter of finding the http instances and replacing them with https. I’ve only tested this with facebook so far and it worked for that. Around line 346 of the main plugin file, social-connect.php, just change http to https. That will fix the facebook profile pic. The pic comes from an https url but the source code for your page is going to have http until you change the above.

    I have sublime which will search inside of all files in the working folder, giving the results on one page as snippets with the file location at the top. Here are the results.

    wp-content/plugins/social-connect/liveid/connect.php:
   17  // The location of the Web Authentication control. You should not have
   18  // to change this value.
   19: $CONTROLURL = 'http://login.live.com/controls/WebAuth.htm';

wp-content/plugins/social-connect/liveid/windowslivelogin.php:
  813          $baseurl = $this->_baseurl;
  814          if (!$baseurl) {
  815:             return "http://login.live.com/";

    I went to https://login/live.com and it resolves fine so changing the above should be fine although I haven’t seen a windows live option anywhere on the plugin settings. Part of openID?

    wp-content/plugins/social-connect/media/js/connect.js:
   44  			var context = $(e.target).parents('.social_connect_wordpress_form')[0];
   45  			var blog_name = $('.wordpress_blog_url', context).val();
   46: 			var blog_url = "http://" + blog_name + ".wordpress.com";
   47  			redirect_uri = redirect_uri + "&wordpress_blog_url=" + encodeURIComponent(blog_url);

    Also resolves with https just fine

    wp-content/plugins/social-connect/openid/openid.php:

    Too many in this file to post but it’s openid.net and resoves with https so it should be fine to change them all. Starts about line 342 and goes to line 699.

    wp-content/plugins/social-connect/twitter/EpiTwitter.php:
   13  {
   14    const EPITWITTER_SIGNATURE_METHOD = 'HMAC-SHA1';
   15:   protected $requestTokenUrl= 'http://twitter.com/oauth/request_token';
   16:   protected $accessTokenUrl = 'http://twitter.com/oauth/access_token';
   17:   protected $authorizeUrl   = 'http://twitter.com/oauth/authorize';
   18:   protected $authenticateUrl= 'http://twitter.com/oauth/authenticate';
   19:   protected $apiUrl         = 'http://twitter.com';
   20:   protected $searchUrl      = 'http://search.twitter.com';

    Twitter’s good with https

    That’s it! Swap those out and you should be good to go.

    https://wordpress.org/plugins/social-connect/

  • The topic ‘Having ssl insecure page items? Here's the fix’ is closed to new replies.