google translate not showing up when https is used in url - ssl

For some reason when you go to the url https://www.improvementskills.org/index.cfm google translate does not show up, but when you go to http://www.improvementskills.org/index.cfm it works fine. So I know the issue is with SSL and having https. Does anyone know what the problem is and how to fix it. Thanks!

You are loading Google's JavaScript with an http URL, even when your page is served with https. The browser rejects that, because it's insecure to include non-https content in an https page.
You need to do this:
<script type="text/javascript" src="//translate.google.com/...
rather than specifying the URL as http://translate.google.com/... By starting the URL at the double-slash, the browser will use whichever of http or https the page itself is using.

Related

Is there a way to get https version of amazon banner?

I'm trying to show amazon banner on my website. Here's the banner's default code:
<script type="text/javascript" language="javascript">
var aax_size='160x600';
var aax_pubname = 'username';
var aax_src='302';
</script>
<script type="text/javascript" language="javascript" src="http://c.amazon-adsystem.com/aax2/assoc.js"></script>
This is the error I'm getting if I don't change the http link:
first:1 Mixed Content: The page at 'https://example.com/' was loaded over HTTPS, but requested an insecure script 'http://c.amazon-adsystem.com/aax2/assoc.js'. This request has been blocked; the content must be served over HTTPS.
Now if I change the url src as https://c.amazon-adsystem.com/aax2/assoc.js. The amazon banner is loading but the padlock is breaking with the following message in the console:
Mixed Content: The page at 'https://example.com' was loaded over HTTPS, but requested an insecure frame 'http://s.amazon-adsystem.com/iu3?d=assoc-amazon.com&rP=https%3A%2F%2Fexample.com'. This request has been blocked; the content must be served over HTTPS.
The above url http://s.amazon-adsystem.com/iu3?d=assoc-amazon.com&rP=https%3A%2F%2Fexample.com is in the javascript hosted by amazon which I can't change. Is there a way to fix it?
Most services which support https but provide http will accept https://our.site.com as an alternative to http://our.site.com. Have you tried just changing the protocol from
"http://s.amazon-adsystem.com/iu3?d=assoc-amazon.com&rP=https%3A%2F%2Fexample.com"
to
"https://s.amazon-adsystem.com/iu3?d=assoc-amazon.com&rP=https%3A%2F%2Fexample.com"
just clear your browser cache or try it in private/incognito window with your HTTPS changes. It can be a browser level issue.
As amazon is using Protocol Relative URL in this script. So there is no where hard coded http or https.
You can view the same by beautifing the code in http://c.amazon-adsystem.com/aax2/assoc.js
By changing http:// to https:// it worked for me.

How to force iframe to use https already embed on other https websites?

I had website without https i.e. SSL. Other websites embed the page of my website using iframe.
<iframe src="http://mywebsite.com/app" ... />
That worked fine until their website was http only. Now their website is https and does not load iframe because it is only http. Now i have added SSL. without contacting the other website how to make iframe work on their website?
Please help.
... without contacting the other website
Impossible. The browser will not even try to contact your site since it is a HTTP resource included inside HTTPS. The URL has to be changed in embedding site and this can only be done by the maintainer of the embedding site.

How to ensure my website loads all resources via https?

URL in question: https://newyorkliquorgiftshop.com/admin/
When you open the above page, you can see in the console that there are lots of error messages saying "...was loaded over HTTPS, but requested an insecure stylesheet.."
This website was working well until all of a sudden this problem shows up. I am not very familiar with https, but I have contacted with Godaddy and the SSL certificate is valid, and there is no obvious problem with "https://newyorkliquorgiftshop.com". And I am stuck here, I've some experiences with HTTPS website before, if the URL of website's homepage is "https", then every resources it loads is via "https" too. I don't know why my website behave differently and I don't know where to start to solve the problem? Any hint is appreciated especially articles about HTTPS that is related to my problem.(I have done a brief research regarding HTTPS but most of the articles I found are about the basic concepts.)
If you have access to the code (not sure what you built the website using), try using https instead of http for the URL's you use to load your style sheets and script files.
For example one of the errors is
Mixed Content: The page at 'https://newyorkliquorgiftshop.com/admin/' was loaded over HTTPS, but requested an insecure script 'http://www.newyorkliquorgiftshop.com/admin/view/javascript/common.js'. This request has been blocked; the content must be served over HTTPS.
You are requesting the .js file using HTTP, try using HTTPS like so:
https://www.newyorkliquorgiftshop.com/admin/view/javascript/common.js

External sites link https issue

I have a video website which I recently changed from http to https.
i.e http://example.com to https://www.example.com.
And I have also made an htaccess entry to automatically 301 redirect all http urls to https.
The old video embed code links given to external customer sites are like :
<script scr="http://example.com/embed_script.js"></script>
Some customer websites also changed to http to https. In those https websites the above link with http protocol won't work because of mixed content. I have no control over the customer sites to change those urls to https. Any automatic redirect solution exists for this ?
You can't fix this unless you get them to use https. You could perhaps locally cache a copy as a workaround, but I've never done that.

Optional SSL in TYPO3

I want to make our TYPO3 v4.5 website accessible by HTTP and HTTPS. I already configured SSL for Apache and requesting the main page displays it... partially.
The baseurl within the page links to my http-site (and is not a https-URL), and therefore the browser won't load the css files, because they come from an unsafe part of my domain.
I believe I could switch my whole site to HTTPS, but don't want it. I would like that when the site is called by HTTP, all URLs are generated as http:// and when called over SSL, all urls should be generated as https:// URLs.
Did anybody achieve something like that?
Use a TypoScript condition to output the base URL dependent on the used protocol:
config.baseURL = http://example.com
[globalString = ENV:HTTPS=on]
config.baseURL = https://example.com
[global]
That's a bit ugly (as both variants will not share caches), but Protocol-relative tags are not possible. The only alternative (to baseURL) is config.absRefPrefix.