Jump to content

Archived

This topic is now archived and is closed to further replies.

thebastion

DMS 2 Forces Unsecure Social Media Elements on Page

Recommended Posts

thebastion    20
thebastion

Hi there,

 

I have upgraded to DMS 2 today, everything went smoothly and apart from some minor amends everything worked apart from one thing.

 

I have an EV SSL Certficate installed on my site from GoDaddy.  Before the update the whole site had the green bar on all browsers.  After the update it's not showing on Opera, Chrome or Safari and IE is saying not displaying insecure elements.  FireFox seems Ok with it although the FireBug console does throw up errors.

 

If I switch the theme back to 2014 the errors disappear, so it is the theme causing the issue.  I have no social media set up on the site at all, I don't want it. 

 

I can't seem to find anywhere in DMS to switch the calls to FaceBook, LinkedIn, Twitter and Pinterest off.  They are casuing the Unsecure Element issues.

 

SSL is set up through our host's server via GoDaddy EV SSL.

WordPress admin General Settings is set to HTTPS for the site's WordPress Address and Site Address so the whole site is HTTPS.

I added this code to my .htaccess file to force SSL/HTTPS:

 

    #Force SSL on Entire Site
    RewriteEngine on
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

 

Any ideas?

 

Cheers

 

Stuart

Share this post


Link to post
Share on other sites
Danny    1,327
Danny

HI Stuart,

 

What are the errors in the Firefox console ? Do other browsers have any errors ?


Please search our forums, before posting!

Share this post


Link to post
Share on other sites
thebastion    20
thebastion
One of each of these in FireFox for the 4 social sites:
 
    'Blocked loading mixed active content "http://graph.facebook.com/?id=https://lifeskills-education.co.uk/" '
 
One each of these for the Console in Chrome:
 
    'The page at 'https://lifeskills-education.co.uk/' was loaded over HTTPS, but ran insecure content from 'http://www.linkedin.com/countserv/count/share?url=https://lifeskills-educat…co.uk/&callback=jQuery1102022143942676484585_1396013658191&_=1396013658192': this content should also be loaded over HTTPS. '

Share this post


Link to post
Share on other sites
thebastion    20
thebastion

Mmm... not sure what is causing that error but have dropped it on my hosts to look at.

 

I however am definitely seeing non-ssl content using FireBug's consol as copied and pasted above.  These disappear when I activate the 2014 theme and only started when I updated DMS to version 2.

Share this post


Link to post
Share on other sites
Danny    1,327
Danny

Can you provide screenshots please.


Please search our forums, before posting!

Share this post


Link to post
Share on other sites
thebastion    20
thebastion

Ok, so in the absense of anything helpful I took a look at the site using IE's inspection tool which highlighted the issue as some code in the  dms/dms/js/pl.common.js file:

Line 533

            var that = this
            ,    url = "http://graph.facebook.com/?id="+ that.shareLocation +'&callback=?'
            ,    shareBtn = $('[data-social="facebook"]')

Line 486

            var that = this
            ,    url = 'http://urls.api.twitter.com/1/urls/count.json?url=+that.shareLocation+&callback=?'
            ,    shareBtn = $('[data-social="twitter"]')

Line 465

            var that = this
            ,    url = 'http://api.pinterest.com/v1/urls/count.json?url=+that.shareLocation+&callback=?'
            ,    shareBtn = $('[data-social="pinterest"]')

Line 507

            var that = this
            ,    url = 'http://www.linkedin.com/countserv/count/share?url=+that.shareLocation+&callback=?'
            ,    shareBtn = $('[data-social="linkedin"]')

 

I changed the 4 instances of 'http' to 'https' and the insecure elements disappeared.  As I stated, the errors disappeared when I changed the theme so it had to be a DMS issue.  The worrying thing here is that I have no Social elements on my pages, so why is DMS adding them?

 

Hopefully that will help someone the wasted time of hunting the issue down again.

 

Maybe the devs can make the update?  Adding js to a child theme is a ball ache.

 

Stuart

Share this post


Link to post
Share on other sites
Simon    247
Simon

Fixed in next release.

Share this post


Link to post
Share on other sites

  • Similar Content

    • MissT
      By MissT+
      Hi there,
      I've got an issue with 3 websites built with DMS since I migrated them from http to https that I need help with please.
      When any changes are made - e.g. new posts added or existing posts amended - certain sections of the live site seem to break e.g. image headers hang and don't load (b/g on canvas section), sliders hang and don't load (Revslider), flipper section doesn't load.
      Logging in and then clicking 'Edit the site using DMS' seems to fix the problem. Often if I try to open up another browser window to edit the site / re publish I'm unable to as the page wont load / hangs while trying to load.
      Any ideas how to fix this? On a couple of the sites I've installed a caching plugin as I thought it might be a loading speed issue but it's still happening.
      Website URL's can be provided privately.
      Many thanks in advance.
    • indesco
      By indesco
      Hi,  I have just switched the site shockwatch.co.nz over to SSL.  I have one remaining mixed content error to solve, but cannot find this link anywhere when I look at the page source so struggling to figure out how to resolve it.  Can you assist at all?
      Mixed Content: The page at 'https://shockwatch.co.nz/' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Droid+Sans:regular,bold&v1'. This request has been blocked; the content must be served over HTTPS.
      (index):1 Mixed Content: The page at 'https://shockwatch.co.nz/' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Droid+Sans:regular,bold&v1'. This request has been blocked; the content must be served over HTTPS.
    • jsruby22
      By jsruby22
      I am trying to secure my website and it appears there are many files in the pagelines theme that are hard coded insecure. Can you make these urls secure from http to https? In the meantime how do I do it manually?
    • Objectif-Mariage
      By Objectif-Mariage+
      Hi , 
      I have passed my site from http to https, and I just discover that I have some mixed content regarding icons of the PL section boxes...
      Would you know how to fixe that ? (if it's possible ?)
      this is my web site adress : https://www.wedding-photography-minneapolis.com/

    • SaschaM
      By SaschaM+
      hi
      i wanted to point out at this time, that i am very very very happy with platform 5. (before i used DMS and others) as some ppl talking here some things are not working, i can say the opposite working on my Web:
      1. UberMenu
      is running fine, without shortcodes or "tricks" necessary - it runs out of the box with no problems in a few clicks configured. also further ubermenu plugins 100%
      2. Shift Nav
      As a further extension of UberMenu - also runs fine out of the box with a few clicks. also combine with ubermenu no problem (Ubermenu for normal nav, shift nav for mobile)
      3. https / SSL

      I user commodo instant ssl and everything runs fine (10 minutes installation) - no mixed content errors nothing everything very smooth :-). Google SERPS have been updated to https URLS wihtin 1 day(!)
      4. MaxCDN
      I use MaxCDN for sitespeed as i implemented also video backgrounds. it runs perfect with wp supercache
      5. Nginx
      I also run nginx on my webspace, also with that there a no problems with platform 5. I also use nginx streaming for video files, works perfect.
      For all points there a no functions codes necessary or implement shortcodes - it runs out of the box and makes it easy for everybody, whos a little firm in technical matters. Some guys here in the forum make it really complicated :-)
      I am working with pagelines around 5 years now, and platform 5 / framework 5 is the best tool ever
      BUT i am missing to configure site headlines h1-hx as in DMS possible easy way. It was a great way to make seo sitestructure. now there are lots of empty headlines or headlines or jumped over. in seo this causes errors in sites structure. this should be reworked.
      if you have any questions on pl5 with 1.-5. just ask me here....
      regs, 
      Sascha Mühlen
       
       
       
×