Oscommerce Question posted in
The official documentation can be found here

Why do I have both HTTPS and HTTP links on site, need them all secure! – Oscommerce

I am getting the security alert: “You are about to be directed to a connection that is not secure. the information you are sending to the current site might be transmitted to a non-secure site. Do you wish to continue?” when I try to login as a customer on my clients oscommerce website. I noticed the link in the status bar goes from a https prefix to a nonsecure http prefix. The site has a SSL certificate, so how do I ensure the entire store portion of the site directs to the secured site?

Tags:

5

Answers


  1. 0

    It is likely that some parts of the page, most often images or scripts, are loaded non-secure. You’ll need to go through them in the browser’s “view page source” view one by one and eliminate the reason (most often, a configuration setting pointing to http://).

    Some external tools like Google Analytics that you may be embedding on your site can be included through https://, some don’t. In that case, you may have to remove those tools from your secure site.

    If you can’t switch all the settings, try using relative paths

    <img src="/images/shop/xyz.gif">

    but the first thing is to identify the non-secure elements using the source code view of your browser.

    An immediate redirection from a https:// page to a http:/ one would not result in a warning as you describe. Can you specify what’s up with that?

    Login or Signup to reply.
  2. 0

    Ensure that the following are included over https:

    • css files
    • js files
    • embedded media (images, videos)

    If you’re confident none of your own stuff is included over http, check things like tracking pixels and other third-party gadgets.

    Edit: Now that you’ve linked your page, I see that your <base> tag is the problem:

    <base href="http://balancedecosolutions.com/products//catalog/">

    Change to:

    <base href="https://balancedecosolutions.com/products//catalog/">
    Login or Signup to reply.
  3. 0

    Use Fiddler and browse your site, in the listing it should become evident what is using HTTP and HTTPS.

    Login or Signup to reply.
  4. 0

    It sounds to me like the HTML form you are submitting is hardcoded to post to a non-secure page.

    Login or Signup to reply.
  5. 0

    If the suggestion from Pekka doesn’t suit your needs you can try using relative links based on the schema (http or https):

    e.g., 

    <a href="//www.example.com/mypage.html">I am a 100% valid link!</a>

    The only problem with this technique is that it doesn’t work with CSS files in all browsers; though it does work within Javascript and inline CSS. (I could be wrong here; anyone want to check?).

    e.g., the following :

    <link rel="stylesheet" href="/css/mycss.css" />
<!-- mycss.css contents: -->
...
body{
    background-image:url(//static.example.com/background.png);
}
...

    …might fail.

    A simple Find/Replace on your source code could be easy.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search