Im getting a security warning in IE6 on order form (Fixed)

[Angler]

Since upgrading to v3.2.1 (great work Matt) I keep getting an IE6 security warning about unsecure items when first going to the singlepage order form.

 

Works fine on the other order forms and any other secure pages.

 

So is anyone else getting this or any ideas

 

For anyone checking out my order form although I have customized it a little this is not the problem as I also get the warning when using the standard singlepage form.

 

Thanks

 

Graham

 

UPDATE:

Matt has now fixed the problem with the single page order form and also with the default template giving the warning using any order form.

 

Anyone wanting the files which Matt changed can download them from here

http://www.kintallon.com/ie6_fix.zip

 

Matt if you would rather I didn't make these files available then please edit/delete this post

[webresellers]

I noticed this as well....

[uberhost]

After I pulled out my Google Analytics code from footer.tpl, everything worked fine (even Firefox, which can be problematic with SSL pages).

[Angler]

Not anything to do with my site integration, because when using the standard WHMCS templates I still get the warning.

[bear]

If you link to the page here I could try and help you find the cause.

 

Just been too busy to download and upgrade yet

[Angler]

If you link to the page here I could try and help you find the cause.

 

Just been too busy to download and upgrade yet

 

 

Thanks Bear

 

https://www.kintallon.com/client/order.php

 

the order form has a little customization but as I said I get the earning with the default order form as well

[uberhost]

https://www.kintallon.com/client/order.php

 

I wish IE6 were banned, but that's beside the point.

 

Looks like you have quite a few absolute links with the http:// prefix. Can you change them to relative links?

[Angler]

https://www.kintallon.com/client/order.php

 

I wish IE6 were banned, but that's beside the point.

 

Looks like you have quite a few absolute links with the http:// prefix. Can you change them to relative links?

 

I don't use IE6 myself i'm a Firefox man but I always try in different browsers for compatibility.

 

Do you mean the links as part of my site template and not WHMCS?

The absolute links are to stop hhtps being preserved if going from a secure page to non secure page

 

Thing is its nothing to do with customization or site integration as changing to the basic unchanged whmcs templates I still get the warning

[bear]

Can't find a darn thing wrong. Looked in the CSS (both files), the live JS code...every where. The error only happens in IE, though. Tried in Mozilla, FF, Opera and IE. In the Moz family, it will usually drop into quirks mode if there's something wrong...nothing.

 

1) IE is dumb.

2) Incompatible cert? (doubtful, it's a good one)

 

All your image and script caslls are relative to the doc which is the proper way to do it.

Stymied....unless it has to do with the "powered by" call?

[Matt]

There's no error showing here in IE7

 

Matt

[Angler]

Can't find a darn thing wrong. Looked in the CSS (both files), the live JS code...every where. The error only happens in IE, though. Tried in Mozilla, FF, Opera and IE. In the Moz family, it will usually drop into quirks mode if there's something wrong...nothing.

 

1) IE is dumb.

2) Incompatible cert? (doubtful, it's a good one)

 

All your image and script caslls are relative to the doc which is the proper way to do it.

Stymied....unless it has to do with the "powered by" call?

 

sort of glad I wasn't just missing something simple

 

Only thing I could think of was something to do with the Ajax code?? since the error only happens in the singlepage order form

[MACscr]

Can't find a darn thing wrong. Looked in the CSS (both files), the live JS code...every where. The error only happens in IE, though. Tried in Mozilla, FF, Opera and IE. In the Moz family, it will usually drop into quirks mode if there's something wrong...nothing.

 

1) IE is dumb.

2) Incompatible cert? (doubtful, it's a good one)

 

All your image and script caslls are relative to the doc which is the proper way to do it.

Stymied....unless it has to do with the "powered by" call?

 

sort of glad I wasn't just missing something simple

 

Only thing I could think of was something to do with the Ajax code?? since the error only happens in the singlepage order form

 

There is no ajax, its iframes! =P

[uberhost]

There's no error showing here in IE7

 

Matt

It's just in IE6 and below, and only has to do with the links to insecure pages (such as the "Powered by..." link as bear suggested).

[Angler]

There is no ajax, its iframes! =P

 

Ah right I was just going on what AH-John said in his new orderform thread

[rodeoXtreme]

I had the same security issue when checking it with IE7; I removed the Google Analytic script and it went away. I also had to change the maxmind logo to https. It works fine now.

[uberhost]

I had the same security issue when checking it with IE7; I removed the Google Analytic script and it went away. I also had to change the maxmind logo to https. It works fine now.

As for the Google Analytics, if you would like to use it in secure mode, set up a new Analytics profile for your site and be sure to choose "https://" this time. Then Google will give you a secure URL script to put in your footer.tpl.

[Blueberry3.14]

Can't find a darn thing wrong. Looked in the CSS (both files), the live JS code...every where. The error only happens in IE, though. Tried in Mozilla, FF, Opera and IE. In the Moz family, it will usually drop into quirks mode if there's something wrong...nothing.

 

1) IE is dumb.

2) Incompatible cert? (doubtful, it's a good one)

 

All your image and script caslls are relative to the doc which is the proper way to do it.

Stymied....unless it has to do with the "powered by" call?

 

sort of glad I wasn't just missing something simple

 

Only thing I could think of was something to do with the Ajax code?? since the error only happens in the singlepage order form

 

I get an error/warning in IE7, (not sure how Matt wouldn't, but perhaps he has his settings different), and if you look at the images that *don't* display until you click the "yes", authorizing the non-secure images, that shows where the problem is. Your central image for one (images/header.jpg) is what IE7 is considering insecure.

 

You have absolute "http" links, so technically IE7 is correct, you're calling in images from outside the SSL "zone" as it were. Interesting that FF doesn't have a problem with the page at all...normally when there's any issue whatsoever with SSL displaying, I have it in FF.

[Blueberry3.14]

There's no error showing here in IE7

 

Matt

It's just in IE6 and below, and only has to do with the links to insecure pages (such as the "Powered by..." link as bear suggested).

 

I get it (the warning about secure and non-secure) in IE7 as well, with default security settings.

[uberhost]

There's no error showing here in IE7

 

Matt

It's just in IE6 and below, and only has to do with the links to insecure pages (such as the "Powered by..." link as bear suggested).

 

I get it (the warning about secure and non-secure) in IE7 as well, with default security settings.

Strange. What is your order page URL?

[Blueberry3.14]

I get it (the warning about secure and non-secure) in IE7 as well, with default security settings.

 

Strange. What is your order page URL?

 

No hon, I'm talking about the page/URL posted by the OP of this thread.

[uberhost]

I get it (the warning about secure and non-secure) in IE7 as well, with default security settings.

 

Strange. What is your order page URL?

 

No hon, I'm talking about the page/URL posted by the OP of this thread.

D'oh!

 

Yes, I see what you mean now. Same result here on the OP's order page with IE7.

[bear]

Your central image for one (images/header.jpg) is what IE7 is considering insecure.

 

You have absolute "http" links

When I looked earlier with mozilla, no warning. Just now I got one, but this is in the code for that image:

src="../images/header.jpg"

That's a relative URL, just like it was before, and should not be a problem.

 

Just rechecked, and the Google code is incorrect:

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">

</script>

<script type="text/javascript">

_uacct = "UA-2273938-1";

urchinTracker();

</script>

<script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">

</script>

<script type="text/javascript">

_uacct = "UA-2273938-3";

urchinTracker();

 

</script>

[Blueberry3.14]

Your central image for one (images/header.jpg) is what IE7 is considering insecure.

 

You have absolute "http" links

When I looked earlier with mozilla, no warning. Just now I got one, but this is in the code for that image:

src="../images/header.jpg"

That's a relative URL, just like it was before, and should not be a problem.

 

Just rechecked, and the Google code is incorrect:

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">

</script>

<script type="text/javascript">

_uacct = "UA-2273938-1";

urchinTracker();

</script>

<script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">

</script>

<script type="text/javascript">

_uacct = "UA-2273938-3";

urchinTracker();

 

</script>

 

I'm still not getting any warning in FF (2.0.0.5), but in IE7, certain images (like the header, that's an absolute http link) didn't display until I pressed the "yes" to display secure and non-secure. If you're using IE7, do a hard refresh and see.

 

If it were me, I'd do typical troubleshooting and copy the image files over to the SSL domain/sub-domain. It looks to me that with any non-secure/http link IE7 is gonna balk.

 

And also you're right, that first Google link needs to be fixed.

[Blueberry3.14]

Strange. What is your order page URL?

 

No hon, I'm talking about the page/URL posted by the OP of this thread.

D'oh!

 

Yes, I see what you mean now. Same result here on the OP's order page with IE7.

 

IE7 is a little different on some things. I had trouble with a redirect a few days ago, couldn't for the life of me figure WHY it wasn't working in IE7. The page kept refreshing but the redirect never worked. I assumed I must have done a typo or some such, until I checked it in 2 other browsers, worked fine.

 

IE7 now has META REFRESH disabled by default, and to turn it on is buried semi-deep in the settings.

[bear]

I'm still not getting any warning in FF (2.0.0.5), but in IE7, certain images (like the header, that's an absolute http link)

Where are you seeing an absolute link? "../images..." is not absolute. Paste the code you're seeing, please, with a few lines before and after.

 

If it were me, I'd do typical troubleshooting and copy the image files over to the SSL domain/sub-domain.

Not all server setups use separate folders for SSL (mainly Plesk does so). It's valid to use relative references and as long as the calling page is https, it works correctly.