Author Topic: unsecure objects alert  (Read 10292 times)

babbsela

  • Jr. Member
  • **
  • Posts: 58
unsecure objects alert
« on: May 09, 2008, 01:37:11 am »
When in https/checkout, each page loads with an unsecure objects alert. It's because of the update and remove images on the page. Any idea how to fix it?

I've tried changing the image source to a full https path, but that doesn't work.

Using VM 1.1, Joomla 1.0.15
If I have helped you in any way, please make a donation to the fine folks who work so hard to bring us Virtuemart.

JJRO

  • Jr. Member
  • **
  • Posts: 62
Re: unsecure objects alert
« Reply #1 on: May 09, 2008, 22:18:17 pm »
Exact same issues here!
Everything else on the page points correctly to https: -- except:
src="http://www.SITENAME.com//components/com_virtuemart/themes/default/images/update_quantity_cart.png"  &  ... /themes/default/images/remove_from_cart.png

winfreepcs

  • Jr. Member
  • **
  • Posts: 59
Re: unsecure objects alert
« Reply #2 on: May 16, 2008, 13:36:17 pm »
Join the club. I've reported it as a bug and raised the issue on various threads and there's absolutely zero assistance on this crucial issue.

I've compared VM 1.05 and 1.10 and there's an additional two lines in virtuemart configuration in 1.10 which causes the images to be unsecure.

It's enough to make me consider giving up VM.

JJRO

  • Jr. Member
  • **
  • Posts: 62
Re: unsecure objects alert
« Reply #3 on: May 16, 2008, 17:51:48 pm »
What's frustrating is manually changing the path to https:... and it still won't work.
I do have 2 other sites running 1.1 without this issue.
My thoughts are now pointing to the css for the main template (???)

I used to have hair.  :)

winfreepcs

  • Jr. Member
  • **
  • Posts: 59
Re: unsecure objects alert
« Reply #4 on: May 16, 2008, 22:25:39 pm »
I tried the default joomla templates (makemyweb, etc). Still have the problem.

JSG

babbsela

  • Jr. Member
  • **
  • Posts: 58
Re: unsecure objects alert
« Reply #5 on: June 01, 2008, 00:43:42 am »
Lots of views on this, still no solution :(

I'm thinking about changing the images to text links to get rid of the alert. Not a pretty solution, but better than getting freaked out customers.
If I have helped you in any way, please make a donation to the fine folks who work so hard to bring us Virtuemart.

JJRO

  • Jr. Member
  • **
  • Posts: 62
Re: unsecure objects alert
« Reply #6 on: June 01, 2008, 01:04:51 am »
Hey guys - I should have cross linked the fix - sorry about that!

http://forum.virtuemart.net/index.php?topic=36696.new;topicseen#new

hsitech

  • Beginner
  • *
  • Posts: 31
    • The Next Byte Inc.
Re: unsecure objects alert
« Reply #7 on: June 08, 2008, 07:03:07 am »
Hey guys - I should have cross linked the fix - sorry about that!
http://forum.virtuemart.net/index.php?topic=36696.new;topicseen#new
Um thats for virtuemart 1.0, not 1.1 this section is for 1.1 users Im about to give up and switch to zencart

JJRO

  • Jr. Member
  • **
  • Posts: 62
Re: unsecure objects alert
« Reply #8 on: June 08, 2008, 17:58:59 pm »
I'm running 1.1 and it worked for me...

clockwood

  • Beginner
  • *
  • Posts: 44
Re: unsecure objects alert
« Reply #9 on: June 14, 2008, 23:45:42 pm »
I'm using VM 1.1 on Joomla 1.5.

Http only (not https) since I'm just using PayPal.

With Firefox, sales go through fine. With Internet Explorer 6, once I get to PayPal, I get little popups saying that some of the items on the site are non-secure. I suspect this is because my site banner that shows at the top of PayPal's site is on my http (not https) site.

I'm not sure if Firefox just doesn't warn the user about this, or maybe my copy is configured not to. It does seem like a useless warning when the "problem" is a graphic that is not on a secure server.

Is there anything I can do about it? It doesn't seem like an issue with VM since the message is actually correct- more like another "feature" of IE. I'm just concerned it might scare off some customers if they think their purchase is unsecure.

When I buy from my non-Joomla, http-only sites, I don't see this warning, but I'm not giving PayPal a graphic banner, either.

I'll have to try IE 7 on another machine to see if that happens.

Thanks.

rrijnders

  • Beginner
  • *
  • Posts: 38
Re: unsecure objects alert
« Reply #10 on: June 15, 2008, 08:36:48 am »
You probably ARE getting the same error with Firefox, it's just not a pop up. If you look at the bottom right of the browser you will see a lock with a slash through it. Hold your mouse pointer over it and you will see the message "Warning: Contains unauthenticated content".

If you are going to use an image/logo on your custom paypal page, it should be encrypted. It really is a security hole as anything in the SSL stream that is not encrypted enables the stream to be more easily cracked.

If you don't have your own SSL certificate, most hosting services and shared servers have a shared certificate url that you can use for the paypal image; the users won't see that it is not from your domain.

~~ rich

babbsela

  • Jr. Member
  • **
  • Posts: 58
Re: unsecure objects alert - SOLVED
« Reply #11 on: January 03, 2009, 20:24:29 pm »
I found the error was being caused by index.php calling an IE7 stylesheet with an unsecure link

Code: [Select]
<!--[if lte IE 7]>
<link href="<?php echo $mosConfig_live_site;?>/templates/<?php echo $mainframe->getTemplate(); ?>/css/template_ie.css" rel="stylesheet" type="text/css" />
<![endif]-->

I changed it to a relative url, and now I don't have the unsecure alert

Code: [Select]
<!--[if lte IE 7]>
<link href="/templates/<?php echo $mainframe->getTemplate(); ?>/css/template_ie.css" rel="stylesheet" type="text/css" />
<![endif]-->

That may not be the perfect solution, but it works for me!
If I have helped you in any way, please make a donation to the fine folks who work so hard to bring us Virtuemart.