WordPress.org

Forums

WP Stripe
Mixed content (http + https) blocked in Firefox 23 - blocks transactions (2 posts)

  1. PaulMorris
    Member
    Posted 1 year ago #

    I'm running into a problem with Firefox (23) blocking mixed content. I have one payment/registration page set up to use https and that's working. But when I click the submit button Firefox blocks the transaction from occurring because of mixed content. (I'm just doing test transactions at the moment.) Here's more info on this blocking:
    https://blog.mozilla.org/tanvi/2013/04/10/mixed-content-blocking-enabled-in-firefox-23/

    In Chrome the transaction goes through, but with a scary yellow <!> warning saying that it was not secure:

    "Your connection to [yourdomain.org] is encrypted with 128-bit encryption. However, this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the look of the page."

    If I set my whole site to use https instead of just that page, the problem does not occur. But I don't want my whole site to use https if I can avoid it, since there are already links out there using http and I don't want anyone to link to any other pages using https.

    Is there a way to get WP-Stripe to not serve mixed content and avoid being blocked or generating scary warnings from browsers? (I'm guessing that it's just some AJAX content related to the "success" message" that's being sent via http/unsecured?)

    (Also, I am using the [wp-legacy-stripe] shortcode, in case that's relevant.)

    -Paul

    http://wordpress.org/plugins/wp-stripe/

  2. PaulMorris
    Member
    Posted 1 year ago #

    More info: The problem still occurs when using the (non-legacy) [wp-stripe] shortcode, even with "Enable SSL for modal pop-up?" set to yes.

    -Paul

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • WP Stripe
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic

Tags

No tags yet.