Jump to content

Archived

This topic is now archived and is closed to further replies.

thebastion

DMS 2 Forces Unsecure Social Media Elements on Page

Recommended Posts

thebastion

Hi there,

 

I have upgraded to DMS 2 today, everything went smoothly and apart from some minor amends everything worked apart from one thing.

 

I have an EV SSL Certficate installed on my site from GoDaddy.  Before the update the whole site had the green bar on all browsers.  After the update it's not showing on Opera, Chrome or Safari and IE is saying not displaying insecure elements.  FireFox seems Ok with it although the FireBug console does throw up errors.

 

If I switch the theme back to 2014 the errors disappear, so it is the theme causing the issue.  I have no social media set up on the site at all, I don't want it. 

 

I can't seem to find anywhere in DMS to switch the calls to FaceBook, LinkedIn, Twitter and Pinterest off.  They are casuing the Unsecure Element issues.

 

SSL is set up through our host's server via GoDaddy EV SSL.

WordPress admin General Settings is set to HTTPS for the site's WordPress Address and Site Address so the whole site is HTTPS.

I added this code to my .htaccess file to force SSL/HTTPS:

 

    #Force SSL on Entire Site
    RewriteEngine on
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

 

Any ideas?

 

Cheers

 

Stuart

Share this post


Link to post
Share on other sites
Danny

HI Stuart,

 

What are the errors in the Firefox console ? Do other browsers have any errors ?


Please search our forums, before posting!

Share this post


Link to post
Share on other sites
thebastion
One of each of these in FireFox for the 4 social sites:
 
    'Blocked loading mixed active content "http://graph.facebook.com/?id=https://lifeskills-education.co.uk/" '
 
One each of these for the Console in Chrome:
 
    'The page at 'https://lifeskills-education.co.uk/' was loaded over HTTPS, but ran insecure content from 'http://www.linkedin.com/countserv/count/share?url=https://lifeskills-educat…co.uk/&callback=jQuery1102022143942676484585_1396013658191&_=1396013658192': this content should also be loaded over HTTPS. '

Share this post


Link to post
Share on other sites
thebastion

Mmm... not sure what is causing that error but have dropped it on my hosts to look at.

 

I however am definitely seeing non-ssl content using FireBug's consol as copied and pasted above.  These disappear when I activate the 2014 theme and only started when I updated DMS to version 2.

Share this post


Link to post
Share on other sites
Danny

Can you provide screenshots please.


Please search our forums, before posting!

Share this post


Link to post
Share on other sites
thebastion

Ok, so in the absense of anything helpful I took a look at the site using IE's inspection tool which highlighted the issue as some code in the  dms/dms/js/pl.common.js file:

Line 533

            var that = this
            ,    url = "http://graph.facebook.com/?id="+ that.shareLocation +'&callback=?'
            ,    shareBtn = $('[data-social="facebook"]')

Line 486

            var that = this
            ,    url = 'http://urls.api.twitter.com/1/urls/count.json?url=+that.shareLocation+&callback=?'
            ,    shareBtn = $('[data-social="twitter"]')

Line 465

            var that = this
            ,    url = 'http://api.pinterest.com/v1/urls/count.json?url=+that.shareLocation+&callback=?'
            ,    shareBtn = $('[data-social="pinterest"]')

Line 507

            var that = this
            ,    url = 'http://www.linkedin.com/countserv/count/share?url=+that.shareLocation+&callback=?'
            ,    shareBtn = $('[data-social="linkedin"]')

 

I changed the 4 instances of 'http' to 'https' and the insecure elements disappeared.  As I stated, the errors disappeared when I changed the theme so it had to be a DMS issue.  The worrying thing here is that I have no Social elements on my pages, so why is DMS adding them?

 

Hopefully that will help someone the wasted time of hunting the issue down again.

 

Maybe the devs can make the update?  Adding js to a child theme is a ball ache.

 

Stuart

Share this post


Link to post
Share on other sites
Simon

Fixed in next release.

Share this post


Link to post
Share on other sites

  • Similar Content

    • marshallsolutions
      By marshallsolutions
      For the site https://marshallsirishpub.com I am running
      Wordpress 4.9.4
      Pagelines base theme 1.0.2
      Pagelines Framework 2.5.0
      The share bar specifically Stumble Upon is causing an error when checking SSL for HTTPS at whynopadlock.com.  Here is the errors shown:
      A file with an insecure url of "http://cdn.stumble-upon.com/js/badge_su.js?v=20120613" was loaded on line: 1 of https://www.stumbleupon.com/badge/embed/2/?url=https%3A%2F%2Fmarshallsirishpub.com%2F.
      A file with an insecure url of "http://cdn.stumble-upon.com/css/badges_su.css?v=20120613" was loaded on line: 1 of https://www.stumbleupon.com/badge/embed/2/?url=https%3A%2F%2Fmarshallsirishpub.com%2F.

      Errors that are reported on line 1 are generally not part of the source code. This error may be caused by an external javascript file which is writing to the page, however we are unable to reliably detect these scripts in our automated test.
      Please contact us using the "Need Help?" link below if you need assistance with resolving this error.
      I contacted support at Really Simple SSL which is the plugin we use to convert the site to HTTPS via SSL.  They said I should contact you guys.  Here is what their support had to say via email:
      the sharing bar seems to load the Stumbleupon script over http:// despite being trying to redirect it to https://. The cdn.stumbleupon doesn't seem to have an SSL certificate and therefore refuses to load over https://. I'd suggest to contact the developer of the sharing plugin, the Stumbleupon button can de designed in another way, without it trying to load a script over http://.
      So it seems I need to modify some file in pagelines to make the stumble upon portion of the share bar to read https and not http.  If that's not possible then I need to remove stumble upon from the share bar.
      Thanks.
    • yemoonyah
      By yemoonyah+
      Hi, even though I just got a SSL certificate, I can't get the green padlock to appear due to the following error:
      :A file with an insecure url of "http://yemoonyah.com/wp-content/plugins/pl-section-boxes/check.svg" was loaded via the javascript file: https://yemoonyah.com/wp-includes/js/jquery/jquery.js?ver=1.12.4 on line 3. The insecure URL may not be directly contained in the script file and may exist elsewhere."
      I figured if I delete and re-install the plugin it might fix the problem but will my boxes on the website still be there? Or do I have to redesign everything all over again if I delete the plugin and then re-install it?
    • israelgenealogy
      By israelgenealogy
      I have an old PageLines site that I recently got working with SSL, but there are mixed content errors. There are two problems I've found. One is the search button icon called from forms.less:
      url(@{plRoot}/images/search-btn@2x.png)
      The second is when PageLines loads FontAwesome from icons.less:

      url('@{iconFont}.eot?v=3.0.1');

      Where is similarly loads the font using http. Any idea why these are loading using http instead of https, and is there a simple way to fix these? I know I need to upgrade the theme, but it's a major project, so for the moment I'd just like to get these secured before taking on switching themes/frameworks.
    • Dan Haddock
      By Dan Haddock
      Plugins Active and installed: 
      Akismet Anti-Spam
      Coming Soon Page & Maintenance Mode by SeedProd
      Contact Form 7
      Cookie Law Info
      DMS Professional Tools  
      Enhanced Media Library  
      Flamingo
      Google Analytics for WordPress by MonsterInsights
      Google XML Sitemap
      Jetpack by WordPress.com
      Legull 
      Loginizer   
      MailChimp for WordPress
      PageLines Updater    
      Schema App Structured Data 
      Sucuri Security - Auditing, Malware Scanner and Hardening
      Uber reCaptcha    
      Yoast SEO
      Wordpress Version: 4.8.1
      Pagelines Version: 2.2.4
       
      Good Evening/Afternoon or Morning, 
      I am running into a problem with CSS styling not applying inside of most browsers (Safari, Firefox) when I am logged in to wordpress, and all browsers that I have tested when I am logged off and the site has been made public (Chrome, Firefox and Safari).
      As a result, I have managed to identify the probable cause. It looks as though these browsers are refusing to render my sites compiled CSS file due to it being a HTTP URL rather than HTTPS.
      I have attempted to change this URL to HTTPS in my browser, however it brings back an ERROR: File not found page - https://www.shortfilmblog.com/wp-content/uploads/pagelines/compiled-css-core-1505847507.css
      What would you suggest in this regard? Would this be resolvable from your end?
      Happy to provide any further details required.
×