Support » Plugin: Really Simple SSL » Mixed Content Issue on Checkout Page of WooComm

  • Resolved grantmahy

    (@grantmahy)


    Hi there I am using real simple ssl pro on a woocommerce site http://www.jatekbiochemicals.com.au

    I have installed a plugin for calculating freight for fastway couriers in Australia (Fastway Shipping Pro by ospayment) and we encountered an issue where it seems there is mixed content on the page causing it to hang..

    In Firefox you can see there is an issue because the green lock has a grey triangle with an exclamation mark on it and it says Firefox has blocked parts of this page that are not secure. I ran a debug with real simple SSL and got this (seems okay)

    ** Really Simple SSL debug mode **
    ** Detecting configuration **
    plugin version: 2.3.13
    Already on SSL, start detecting configuration
    No server variable detected
    ssl type: LOADBALANCER
    ** Configuring SSL **
    testing htaccess rules…
    htaccess rules tested successfully.
    checking if .htaccess can or should be edited…
    settings page, per site activation or hsts option change, updating htaccess…
    single site or networkwide activation
    converting siteurl and homeurl to https

    I have no idea what is going on here. Can anyone there give me some advice at what may be happening?

    Hope you can help because I have no idea what is going on where it comes to SSL (hence using real simple SSL)

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Author Rogier Lankhorst

    (@rogierlankhorst)

    You have an issue with an insecure endpoint:
    `Mixed Content: The page at ‘https://www.jatekbiochemicals.com.au/checkout/’ was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint ‘http://www.jatekbiochemicals.com.au/’.

    Normally this would mean that in the ajax request a http:// url is used. But the strange thing is: there doesn’t seem to be a reference to a http link at all. I’ve checked your .js files and css files, and the source. The ajax url is passed with https.

    What happens if you deactivate all plugins, except the absolute minimum required ones to test this?

    Rogier

    Thread Starter grantmahy

    (@grantmahy)

    Hi thanks for getting back to me so quickly. Yes I did a view page source code check myself and while no expert could not see any issues either. I am wondering if something in the cloudflare settings could possible cause an issue here?I’ve now switched off most plugins as per your recommendation and I am still having the same problem.

    Best

    Grant

    Thread Starter grantmahy

    (@grantmahy)

    Oh and one other thing also is the tech people from OSpayment sent me this link http://prnt.sc/ck49b1

    Does this tell you anything?

    Best

    Grant

    Plugin Author Rogier Lankhorst

    (@rogierlankhorst)

    That is the error I mentioned in my first reaction, the insecure XMLHttpRequest endpoint.

    I’ve just checked your site again, and I noticed the error has changed, so deactivating the plugins has had some effect after all:
    No 'Access-Control-Allow-Origin' header is present on the requested resource

    This means access from another domain (in this case the non ssl domain) is blocked.
    Please try if adding this to your .htacccess helps:

    <IfModule mod_headers.c>
        Header set Access-Control-Allow-Origin "*"
    </IfModule>
    Thread Starter grantmahy

    (@grantmahy)

    Thanks I pasted it in so my .htaccess file looks like this now

    php_value max_input_vars 6000
    php_value upload_max_filesize 64M
    php_value post_max_size 64M
    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ – [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    <IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin “*”
    </IfModule>

    # END WordPress
    # BEGIN Brute Force Login Protection
    #ErrorDocument 403 “blocked”
    # END Brute Force Login Protection

    No joy unfortunately. I am wondering too whether things had changed because I made some setting changes for cloudflare and have it in Dev mode. I have another cart on a Divi Site (so basically the same set up where this problem isn’t occurring so it isn’t theme related but something else ??? Any other ideas here? I’m totally lost with SSL.

    Best

    Grant

    Plugin Author Rogier Lankhorst

    (@rogierlankhorst)

    Is the other site where it’s working on SSL as well?

    Thread Starter grantmahy

    (@grantmahy)

    Yes it is. https://manicbotanix.com — although the cart isn’t operational yet they have been selling a piece of software through it with no problems. Both have SSL and both are using Cloudflare. I have no idea what has gone on here. I’ve spoken to the server people about the problem and they assure me it isn’t server side as several other WooCoomerce carts are on the server and not having problems.

    Could this perhaps be a problem at the paypal end where we haven’t entered the API or something else correctly.

    Best

    Grant

    Plugin Author Rogier Lankhorst

    (@rogierlankhorst)

    You could also make a copy with Duplicator of your working site in a dev folder. If it then stops working on your new domain, then it is something in the server, cloudflare or paypal settings. If it works, you can then step by step give it the configuration you have now, until it stops working. This way you should be able to track it down.

    Thread Starter grantmahy

    (@grantmahy)

    Okay thanks Rogier. We’re taking it Cloudflare now and I’ll do as you suggested to see if there is some sort of server problem that may be causing it. Speaking to the server person he too is baffled by what’s happening.. Thanks so much

    Grant

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Mixed Content Issue on Checkout Page of WooComm’ is closed to new replies.