Jump to content

Im getting a security warning in IE6 on order form (Fixed)


Angler

Recommended Posts

Since upgrading to v3.2.1 (great work Matt):) I keep getting an IE6 security warning about unsecure items when first going to the singlepage order form.

 

Works fine on the other order forms and any other secure pages.

 

So is anyone else getting this or any ideas :)

 

For anyone checking out my order form although I have customized it a little this is not the problem as I also get the warning when using the standard singlepage form.

 

Thanks

 

Graham

 

UPDATE:

Matt has now fixed the problem with the single page order form and also with the default template giving the warning using any order form. :)

 

Anyone wanting the files which Matt changed can download them from here

http://www.kintallon.com/ie6_fix.zip

 

Matt if you would rather I didn't make these files available then please edit/delete this post

Link to comment
Share on other sites

 

I wish IE6 were banned, but that's beside the point. :)

 

Looks like you have quite a few absolute links with the http:// prefix. Can you change them to relative links?

 

I don't use IE6 myself i'm a Firefox man but I always try in different browsers for compatibility.

 

Do you mean the links as part of my site template and not WHMCS?

The absolute links are to stop hhtps being preserved if going from a secure page to non secure page :)

 

Thing is its nothing to do with customization or site integration as changing to the basic unchanged whmcs templates I still get the warning

Link to comment
Share on other sites

Can't find a darn thing wrong. Looked in the CSS (both files), the live JS code...every where. The error only happens in IE, though. Tried in Mozilla, FF, Opera and IE. In the Moz family, it will usually drop into quirks mode if there's something wrong...nothing.

 

1) IE is dumb. ;)

2) Incompatible cert? (doubtful, it's a good one)

 

All your image and script caslls are relative to the doc which is the proper way to do it.

Stymied....unless it has to do with the "powered by" call?

Link to comment
Share on other sites

Can't find a darn thing wrong. Looked in the CSS (both files), the live JS code...every where. The error only happens in IE, though. Tried in Mozilla, FF, Opera and IE. In the Moz family, it will usually drop into quirks mode if there's something wrong...nothing.

 

1) IE is dumb. ;)

2) Incompatible cert? (doubtful, it's a good one)

 

All your image and script caslls are relative to the doc which is the proper way to do it.

Stymied....unless it has to do with the "powered by" call?

 

sort of glad I wasn't just missing something simple :)

 

Only thing I could think of was something to do with the Ajax code?? since the error only happens in the singlepage order form :)

Link to comment
Share on other sites

Can't find a darn thing wrong. Looked in the CSS (both files), the live JS code...every where. The error only happens in IE, though. Tried in Mozilla, FF, Opera and IE. In the Moz family, it will usually drop into quirks mode if there's something wrong...nothing.

 

1) IE is dumb. ;)

2) Incompatible cert? (doubtful, it's a good one)

 

All your image and script caslls are relative to the doc which is the proper way to do it.

Stymied....unless it has to do with the "powered by" call?

 

sort of glad I wasn't just missing something simple :)

 

Only thing I could think of was something to do with the Ajax code?? since the error only happens in the singlepage order form :)

 

There is no ajax, its iframes! =P

Link to comment
Share on other sites

I had the same security issue when checking it with IE7; I removed the Google Analytic script and it went away. I also had to change the maxmind logo to https. It works fine now.

As for the Google Analytics, if you would like to use it in secure mode, set up a new Analytics profile for your site and be sure to choose "https://" this time. Then Google will give you a secure URL script to put in your footer.tpl.

Link to comment
Share on other sites

Can't find a darn thing wrong. Looked in the CSS (both files), the live JS code...every where. The error only happens in IE, though. Tried in Mozilla, FF, Opera and IE. In the Moz family, it will usually drop into quirks mode if there's something wrong...nothing.

 

1) IE is dumb. ;)

2) Incompatible cert? (doubtful, it's a good one)

 

All your image and script caslls are relative to the doc which is the proper way to do it.

Stymied....unless it has to do with the "powered by" call?

 

sort of glad I wasn't just missing something simple :)

 

Only thing I could think of was something to do with the Ajax code?? since the error only happens in the singlepage order form :)

 

I get an error/warning in IE7, (not sure how Matt wouldn't, but perhaps he has his settings different), and if you look at the images that *don't* display until you click the "yes", authorizing the non-secure images, that shows where the problem is. Your central image for one (images/header.jpg) is what IE7 is considering insecure.

 

You have absolute "http" links, so technically IE7 is correct, you're calling in images from outside the SSL "zone" as it were. Interesting that FF doesn't have a problem with the page at all...normally when there's any issue whatsoever with SSL displaying, I have it in FF.

Link to comment
Share on other sites

There's no error showing here in IE7

 

Matt

It's just in IE6 and below, and only has to do with the links to insecure pages (such as the "Powered by..." link as bear suggested).

 

I get it (the warning about secure and non-secure) in IE7 as well, with default security settings.

Link to comment
Share on other sites

There's no error showing here in IE7

 

Matt

It's just in IE6 and below, and only has to do with the links to insecure pages (such as the "Powered by..." link as bear suggested).

 

I get it (the warning about secure and non-secure) in IE7 as well, with default security settings.

Strange. What is your order page URL?

Link to comment
Share on other sites

I get it (the warning about secure and non-secure) in IE7 as well, with default security settings.

 

Strange. What is your order page URL?

 

No hon, I'm talking about the page/URL posted by the OP of this thread.

D'oh! :oops:

 

Yes, I see what you mean now. Same result here on the OP's order page with IE7.

Link to comment
Share on other sites

Your central image for one (images/header.jpg) is what IE7 is considering insecure.

 

You have absolute "http" links

When I looked earlier with mozilla, no warning. Just now I got one, but this is in the code for that image:

src="../images/header.jpg"

That's a relative URL, just like it was before, and should not be a problem.

 

Just rechecked, and the Google code is incorrect:

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">

</script>

<script type="text/javascript">

_uacct = "UA-2273938-1";

urchinTracker();

</script>

<script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">

</script>

<script type="text/javascript">

_uacct = "UA-2273938-3";

urchinTracker();

 

</script>

Link to comment
Share on other sites

Your central image for one (images/header.jpg) is what IE7 is considering insecure.

 

You have absolute "http" links

When I looked earlier with mozilla, no warning. Just now I got one, but this is in the code for that image:

src="../images/header.jpg"

That's a relative URL, just like it was before, and should not be a problem.

 

Just rechecked, and the Google code is incorrect:

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">

</script>

<script type="text/javascript">

_uacct = "UA-2273938-1";

urchinTracker();

</script>

<script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">

</script>

<script type="text/javascript">

_uacct = "UA-2273938-3";

urchinTracker();

 

</script>

 

I'm still not getting any warning in FF (2.0.0.5), but in IE7, certain images (like the header, that's an absolute http link) didn't display until I pressed the "yes" to display secure and non-secure. If you're using IE7, do a hard refresh and see.

 

If it were me, I'd do typical troubleshooting and copy the image files over to the SSL domain/sub-domain. It looks to me that with any non-secure/http link IE7 is gonna balk.

 

And also you're right, that first Google link needs to be fixed.

Link to comment
Share on other sites

Strange. What is your order page URL?

 

No hon, I'm talking about the page/URL posted by the OP of this thread.

D'oh! :oops:

 

Yes, I see what you mean now. Same result here on the OP's order page with IE7.

 

IE7 is a little different on some things. I had trouble with a redirect a few days ago, couldn't for the life of me figure WHY it wasn't working in IE7. The page kept refreshing but the redirect never worked. I assumed I must have done a typo or some such, until I checked it in 2 other browsers, worked fine.

 

IE7 now has META REFRESH disabled by default, and to turn it on is buried semi-deep in the settings.

Link to comment
Share on other sites

I'm still not getting any warning in FF (2.0.0.5), but in IE7, certain images (like the header, that's an absolute http link)
Where are you seeing an absolute link? "../images..." is not absolute. Paste the code you're seeing, please, with a few lines before and after.

 

If it were me, I'd do typical troubleshooting and copy the image files over to the SSL domain/sub-domain.

Not all server setups use separate folders for SSL (mainly Plesk does so). It's valid to use relative references and as long as the calling page is https, it works correctly.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated