ProductCart Shopping Cart Software Forums : Leaving the https:

Leaving the https: : Thanks, fellas, got some of this...

Mon, 16 May 2011 08:39:42 +0000

Author: SharpDataInc
Subject: 4471
Posted: 16-May-2011 at 8:39am

Thanks, fellas, got some of this stuff cleared away.

SDI

Leaving the https: : For the Authorize.net logo just...

Wed, 11 May 2011 10:30:45 +0000

Author: cognecy
Subject: 4471
Posted: 11-May-2011 at 10:30am

For the Authorize.net logo just change the link to use https all the time. I checked and this worked just fine. You can check suspicious elements/objects yourself by just plugging in the source link into your browser address bar with an https. So your trust seal code will now look like this:

src="https://www.authorize.net/files/PreferredReseller.gif" width="140" height="50" border="0"
alt="Authorize.Net Preferred Reseller" />

NOTE the only part that I changed to https was for the "object" that is being added to your page from an external source.

As a rule of thumb: You can build a non-secure page using secure objects ... you cannot build a secure page using non-secure objects.

I just checked the link for the google translate code and it does not appear the gmodules.com portion (the first URL) will allow you to use https. The second portion that uses "google.com" will allow https so you could try this in your code:

I have not ever used that code in a website but if it is giving you problems after using my modification, you may have to leave that out of your code where the store is concerned.

Edited by cognecy - 11-May-2011 at 10:32am

Leaving the https: : Each of those very likely have...

Wed, 11 May 2011 10:17:17 +0000

Author: Greg Dinger
Subject: 4471
Posted: 11-May-2011 at 10:17am

Each of those very likely have an SSL, and changing to HTTPS should be successful. Just experiment a bit.

Keep in mind that once you overcome any objects that are causing the SSL warning, my original comments still apply. If someone has gone to the "my account" login, or to checkout, and then browses back to the store - you still want to force them back to HTTP.

Leaving the https: : What about using Google Translate?...

Wed, 11 May 2011 09:00:21 +0000

Author: SharpDataInc
Subject: 4471
Posted: 11-May-2011 at 9:00am

What about using Google Translate? An even Authorize.net logo, you are governed by their code for the logo.

Authorize.net
src="http://www.authorize.net/files/PreferredReseller.gif" width="140" height="50" border="0"
alt="Authorize.Net Preferred Reseller" />

Google Translate

I cant have these on the asp pages. I will check with them, I believe they need to support https:, I thought Google did...

Thanks
SDI

Leaving the https: : Ah, yeah its actually the js call...

Wed, 11 May 2011 08:20:06 +0000

Author: SharpDataInc
Subject: 4471
Posted: 11-May-2011 at 8:20am

Ah, yeah its actually the js call that is causing the issue. The html is not the problem. Thanks!

Leaving the https: : Keep in mind that a hard-coded...

Wed, 11 May 2011 08:06:21 +0000

Author: cognecy
Subject: 4471
Posted: 11-May-2011 at 8:06am

Keep in mind that a hard-coded "Link" as you have written it below will NOT cause a security warning.

These security warnings are caused by calling (or inserting into) the current page an object like an image, a .js file, an includes statement with a full path etc.

The reason is that while your page is trying to switch to https you are trying to build the page with elements that are not secure.

The way to avoid security warnings is to ensure that all objects are referenced using a relative path ... something like: src="/somedirectory/someimage.jpg"

Leaving the https: : How do you avoid the security...

Wed, 11 May 2011 07:23:40 +0000

Author: SharpDataInc
Subject: 4471
Posted: 11-May-2011 at 7:23am

How do you avoid the security warning in the checkout? At the time of checkout, if there is a hard coded path in the header.asp:

href="http://www.website.com/html/myhtml"

you will get the security warning message box.

Leaving the https: : we make a point of hard-coding...

Wed, 11 May 2011 00:56:03 +0000

Author: Greg Dinger
Subject: 4471
Posted: 11-May-2011 at 12:56am

we make a point of hard-coding our stores, once they launch, so that all links point to fully-pathed HTTP or HTTPS URLs, dependant upon whis is appropriate. That is the way we avoid the conflict you describe.

Leaving the https: : My header.asp file has the pathslike...

Wed, 11 May 2011 00:49:20 +0000

Author: SharpDataInc
Subject: 4471
Posted: 11-May-2011 at 12:49am

My header.asp file has the paths like this

../../index.html

../../contactus.html

Problem is when the user starts a secure session (https:) and then decides to click on a link (away from asp) it keeps the secured session active (https:) not http:. So the html page get the security warning because its https: not http:.

Is this avoidable?

Thanks

SDI