Not sure how to fix unsecured content over SSL - ssl

My website is here, and visiting it in Chrome gives the 'load unsafe script' error and unsecured content errors in the console. Firefox loads the site, but there isn't a lock.
My site is entirely in PHP, and I'm not sure where to start. The console and firebug said that the site was loading unsecure scripts over HTTP, but how do I make it all HTTPS?
Thanks in advance!

Your HTML has lots of links to http:// resources, eg.:
<link rel="stylesheet" type="text/css" href="http://portal.thespartaninstitute.com/...">
You need to ditch the http: part and just link to //portal.thespartaninstitute.com/... - that will then use https when the page has been loaded that way.

Related

Is there a way to get https version of amazon banner?

I'm trying to show amazon banner on my website. Here's the banner's default code:
<script type="text/javascript" language="javascript">
var aax_size='160x600';
var aax_pubname = 'username';
var aax_src='302';
</script>
<script type="text/javascript" language="javascript" src="http://c.amazon-adsystem.com/aax2/assoc.js"></script>
This is the error I'm getting if I don't change the http link:
first:1 Mixed Content: The page at 'https://example.com/' was loaded over HTTPS, but requested an insecure script 'http://c.amazon-adsystem.com/aax2/assoc.js'. This request has been blocked; the content must be served over HTTPS.
Now if I change the url src as https://c.amazon-adsystem.com/aax2/assoc.js. The amazon banner is loading but the padlock is breaking with the following message in the console:
Mixed Content: The page at 'https://example.com' was loaded over HTTPS, but requested an insecure frame 'http://s.amazon-adsystem.com/iu3?d=assoc-amazon.com&rP=https%3A%2F%2Fexample.com'. This request has been blocked; the content must be served over HTTPS.
The above url http://s.amazon-adsystem.com/iu3?d=assoc-amazon.com&rP=https%3A%2F%2Fexample.com is in the javascript hosted by amazon which I can't change. Is there a way to fix it?
Most services which support https but provide http will accept https://our.site.com as an alternative to http://our.site.com. Have you tried just changing the protocol from
"http://s.amazon-adsystem.com/iu3?d=assoc-amazon.com&rP=https%3A%2F%2Fexample.com"
to
"https://s.amazon-adsystem.com/iu3?d=assoc-amazon.com&rP=https%3A%2F%2Fexample.com"
just clear your browser cache or try it in private/incognito window with your HTTPS changes. It can be a browser level issue.
As amazon is using Protocol Relative URL in this script. So there is no where hard coded http or https.
You can view the same by beautifing the code in http://c.amazon-adsystem.com/aax2/assoc.js
By changing http:// to https:// it worked for me.

Unable to connect to xmpp using converse.js

I have an HTML file in which I am including these lines.
<link rel="stylesheet" type="text/css" media="screen" href="https://cdn.conversejs.org/css/converse.min.css">
<script src="https://cdn.conversejs.org/dist/converse.min.js"></script>
<script src="index.js"></script>
and my index.js contains this code.
converse.initialize({
bosh_service_url: 'http://localhost:7070/http-bind/',
console.log(bosh_service_url)
jid: 'admin#localhost',
password:'root'
});
so can anybody tell me what I am doing wrong here. I am getting no response message on console(not even error). I think there is some problem with this bosh url. I am not getting any active client session in openfire.
I'm pretty sure that that console.log() statement messes up your configuration object. I'd remove that.
Also, this assumes that the browser can reach your instance of Openfire on 'localhost' (port 7070) which will only work in browsers that are opened on the same machine as where Openfire is running.
Finally, your JID includes 'localhost'. Is that the XMPP domain name that you have configured in Openfire (which, at best, is a very confusing value to use)?
You can lookup the configured values for the XMPP domain (which you need to use as part of the JID), but also the fully qualified domain name of the server (which you should use as part of the BOSH service URL) on the first page (after login) of the Openfire Admin Console.

google translate not showing up when https is used in url

For some reason when you go to the url https://www.improvementskills.org/index.cfm google translate does not show up, but when you go to http://www.improvementskills.org/index.cfm it works fine. So I know the issue is with SSL and having https. Does anyone know what the problem is and how to fix it. Thanks!
You are loading Google's JavaScript with an http URL, even when your page is served with https. The browser rejects that, because it's insecure to include non-https content in an https page.
You need to do this:
<script type="text/javascript" src="//translate.google.com/...
rather than specifying the URL as http://translate.google.com/... By starting the URL at the double-slash, the browser will use whichever of http or https the page itself is using.

Why are my CSS/JS resources loading with HTTPS?

All my page resources - css/js/images- are failing to load. I'm using relative links (e.g. <link href="includes/css/athletics.css" rel="stylesheet" type="text/css" />), and when I inspect the network tab in firebug it shows that all the resource GET requests are HTTPS, even though the main page request is an HTTP request. What would be causing this?
I'm running on a WAMPServer with some alias directories set up.
do you have a <base ... > defined?

Why do I have both HTTPS and HTTP links on site, need them all secure!

I am getting the security alert: "You are about to be directed to a connection that is not secure. the information you are sending to the current site might be transmitted to a non-secure site. Do you wish to continue?" when I try to login as a customer on my clients oscommerce website. I noticed the link in the status bar goes from a https prefix to a nonsecure http prefix. The site has a SSL certificate, so how do I ensure the entire store portion of the site directs to the secured site?
It is likely that some parts of the page, most often images or scripts, are loaded non-secure. You'll need to go through them in the browser's "view page source" view one by one and eliminate the reason (most often, a configuration setting pointing to http://).
Some external tools like Google Analytics that you may be embedding on your site can be included through https://, some don't. In that case, you may have to remove those tools from your secure site.
If you can't switch all the settings, try using relative paths
<img src="/images/shop/xyz.gif">
but the first thing is to identify the non-secure elements using the source code view of your browser.
An immediate redirection from a https:// page to a http:/ one would not result in a warning as you describe. Can you specify what's up with that?
Use Fiddler and browse your site, in the listing it should become evident what is using HTTP and HTTPS.
Ensure that the following are included over https:
css files
js files
embedded media (images, videos)
If you're confident none of your own stuff is included over http, check things like tracking pixels and other third-party gadgets.
Edit: Now that you've linked your page, I see that your <base> tag is the problem:
<base href="http://balancedecosolutions.com/products//catalog/">
Change to:
<base href="https://balancedecosolutions.com/products//catalog/">
If the suggestion from Pekka doesn't suit your needs you can try using relative links based on the schema (http or https):
e.g.,
I am a 100% valid link!
The only problem with this technique is that it doesn't work with CSS files in all browsers; though it does work within Javascript and inline CSS. (I could be wrong here; anyone want to check?).
e.g., the following :
<link rel="stylesheet" href="/css/mycss.css" />
<!-- mycss.css contents: -->
...
body{
background-image:url(//static.example.com/background.png);
}
...
...might fail.
A simple Find/Replace on your source code could be easy.
It sounds to me like the HTML form you are submitting is hardcoded to post to a non-secure page.