Jump to content

Archived

This topic is now archived and is closed to further replies.

thebastion

DMS 2 Forces Unsecure Social Media Elements on Page

Recommended Posts

thebastion

Hi there,

 

I have upgraded to DMS 2 today, everything went smoothly and apart from some minor amends everything worked apart from one thing.

 

I have an EV SSL Certficate installed on my site from GoDaddy.  Before the update the whole site had the green bar on all browsers.  After the update it's not showing on Opera, Chrome or Safari and IE is saying not displaying insecure elements.  FireFox seems Ok with it although the FireBug console does throw up errors.

 

If I switch the theme back to 2014 the errors disappear, so it is the theme causing the issue.  I have no social media set up on the site at all, I don't want it. 

 

I can't seem to find anywhere in DMS to switch the calls to FaceBook, LinkedIn, Twitter and Pinterest off.  They are casuing the Unsecure Element issues.

 

SSL is set up through our host's server via GoDaddy EV SSL.

WordPress admin General Settings is set to HTTPS for the site's WordPress Address and Site Address so the whole site is HTTPS.

I added this code to my .htaccess file to force SSL/HTTPS:

 

    #Force SSL on Entire Site
    RewriteEngine on
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

 

Any ideas?

 

Cheers

 

Stuart

Share this post


Link to post
Share on other sites
Danny

HI Stuart,

 

What are the errors in the Firefox console ? Do other browsers have any errors ?


Please search our forums, before posting!

Share this post


Link to post
Share on other sites
thebastion
One of each of these in FireFox for the 4 social sites:
 
    'Blocked loading mixed active content "http://graph.facebook.com/?id=https://lifeskills-education.co.uk/" '
 
One each of these for the Console in Chrome:
 
    'The page at 'https://lifeskills-education.co.uk/' was loaded over HTTPS, but ran insecure content from 'http://www.linkedin.com/countserv/count/share?url=https://lifeskills-educat…co.uk/&callback=jQuery1102022143942676484585_1396013658191&_=1396013658192': this content should also be loaded over HTTPS. '

Share this post


Link to post
Share on other sites
thebastion

Mmm... not sure what is causing that error but have dropped it on my hosts to look at.

 

I however am definitely seeing non-ssl content using FireBug's consol as copied and pasted above.  These disappear when I activate the 2014 theme and only started when I updated DMS to version 2.

Share this post


Link to post
Share on other sites
Danny

Can you provide screenshots please.


Please search our forums, before posting!

Share this post


Link to post
Share on other sites
thebastion

Ok, so in the absense of anything helpful I took a look at the site using IE's inspection tool which highlighted the issue as some code in the  dms/dms/js/pl.common.js file:

Line 533

            var that = this
            ,    url = "http://graph.facebook.com/?id="+ that.shareLocation +'&callback=?'
            ,    shareBtn = $('[data-social="facebook"]')

Line 486

            var that = this
            ,    url = 'http://urls.api.twitter.com/1/urls/count.json?url=+that.shareLocation+&callback=?'
            ,    shareBtn = $('[data-social="twitter"]')

Line 465

            var that = this
            ,    url = 'http://api.pinterest.com/v1/urls/count.json?url=+that.shareLocation+&callback=?'
            ,    shareBtn = $('[data-social="pinterest"]')

Line 507

            var that = this
            ,    url = 'http://www.linkedin.com/countserv/count/share?url=+that.shareLocation+&callback=?'
            ,    shareBtn = $('[data-social="linkedin"]')

 

I changed the 4 instances of 'http' to 'https' and the insecure elements disappeared.  As I stated, the errors disappeared when I changed the theme so it had to be a DMS issue.  The worrying thing here is that I have no Social elements on my pages, so why is DMS adding them?

 

Hopefully that will help someone the wasted time of hunting the issue down again.

 

Maybe the devs can make the update?  Adding js to a child theme is a ball ache.

 

Stuart

Share this post


Link to post
Share on other sites
Simon

Fixed in next release.

Share this post


Link to post
Share on other sites

  • Similar Content

    • israelgenealogy
      By israelgenealogy
      I have an old PageLines site that I recently got working with SSL, but there are mixed content errors. There are two problems I've found. One is the search button icon called from forms.less:
      url(@{plRoot}/images/search-btn@2x.png)
      The second is when PageLines loads FontAwesome from icons.less:

      url('@{iconFont}.eot?v=3.0.1');

      Where is similarly loads the font using http. Any idea why these are loading using http instead of https, and is there a simple way to fix these? I know I need to upgrade the theme, but it's a major project, so for the moment I'd just like to get these secured before taking on switching themes/frameworks.
    • Dan Haddock
      By Dan Haddock
      Plugins Active and installed: 
      Akismet Anti-Spam
      Coming Soon Page & Maintenance Mode by SeedProd
      Contact Form 7
      Cookie Law Info
      DMS Professional Tools  
      Enhanced Media Library  
      Flamingo
      Google Analytics for WordPress by MonsterInsights
      Google XML Sitemap
      Jetpack by WordPress.com
      Legull 
      Loginizer   
      MailChimp for WordPress
      PageLines Updater    
      Schema App Structured Data 
      Sucuri Security - Auditing, Malware Scanner and Hardening
      Uber reCaptcha    
      Yoast SEO
      Wordpress Version: 4.8.1
      Pagelines Version: 2.2.4
       
      Good Evening/Afternoon or Morning, 
      I am running into a problem with CSS styling not applying inside of most browsers (Safari, Firefox) when I am logged in to wordpress, and all browsers that I have tested when I am logged off and the site has been made public (Chrome, Firefox and Safari).
      As a result, I have managed to identify the probable cause. It looks as though these browsers are refusing to render my sites compiled CSS file due to it being a HTTP URL rather than HTTPS.
      I have attempted to change this URL to HTTPS in my browser, however it brings back an ERROR: File not found page - https://www.shortfilmblog.com/wp-content/uploads/pagelines/compiled-css-core-1505847507.css
      What would you suggest in this regard? Would this be resolvable from your end?
      Happy to provide any further details required.
    • dougalperman
      By dougalperman+
      Hi there,
      I've getting a recurring error:
      "Platform 5 Connection IssuecURL error 60: SSL certificate problem: certificate has expired"
      I can't get the Extension Engine to load. It just times out. Same happens on two different sites that I run (www.innerear.co.uk and www.tradtv.scot, which I'm currently rebuilding).
      I've tried disabling all plugins (apart from Platform 5) andI contacted my hosts and they aren't blocking any IP addresses. I've deactivated and reactivated the Platform 5 plugin and disconnected and reconnected my account.
      Is there an issue with the Pagelines SSL certificate or something else causing the connection issue and stopping the extension engine from loading (it just spins with the LOADING cog and nothing happens, regardless of how long I leave it).
      Any help much appreciated.
    • MissT
      By MissT+
      Hi there,
      I've got an issue with 3 websites built with DMS since I migrated them from http to https that I need help with please.
      When any changes are made - e.g. new posts added or existing posts amended - certain sections of the live site seem to break e.g. image headers hang and don't load (b/g on canvas section), sliders hang and don't load (Revslider), flipper section doesn't load.
      Logging in and then clicking 'Edit the site using DMS' seems to fix the problem. Often if I try to open up another browser window to edit the site / re publish I'm unable to as the page wont load / hangs while trying to load.
      Any ideas how to fix this? On a couple of the sites I've installed a caching plugin as I thought it might be a loading speed issue but it's still happening.
      Website URL's can be provided privately.
      Many thanks in advance.
    • indesco
      By indesco
      Hi,  I have just switched the site shockwatch.co.nz over to SSL.  I have one remaining mixed content error to solve, but cannot find this link anywhere when I look at the page source so struggling to figure out how to resolve it.  Can you assist at all?
      Mixed Content: The page at 'https://shockwatch.co.nz/' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Droid+Sans:regular,bold&v1'. This request has been blocked; the content must be served over HTTPS.
      (index):1 Mixed Content: The page at 'https://shockwatch.co.nz/' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Droid+Sans:regular,bold&v1'. This request has been blocked; the content must be served over HTTPS.
×