Mixed content and reCaptcha when using SSL

The support for Joomla 2.5 ended on December 31, 2014. Possible bugs in Joomla 2.5 will not be patched anymore. This forum has been closed. Please update your website to Joomla 3.x

Moderator: ooffick

Forum rules
Please use the official Bug Tracker to report a bug: https://issues.joomla.org
Locked
alwarren
Joomla! Guru
Joomla! Guru
Posts: 527
Joined: Fri Aug 19, 2005 9:27 am

Mixed content and reCaptcha when using SSL

Post by alwarren » Sat Feb 09, 2013 5:19 pm

There are certain situations where reCaptcha will cause mixed content with SSL. Consider the following:

Code: Select all

		$server = self::RECAPTCHA_API_SERVER;
		if ($app->isSSLConnection())
		{
			$server = self::RECAPTCHA_API_SECURE_SERVER;
		}

Code: Select all

	public function isSSLConnection()
	{
		return ((isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on')) || getenv('SSL_PROTOCOL_VERSION'));
	}
In a case where a server is behind a proxy that masks the protocol and SSL, the above logic will cause mixed content which will prevent the captcha from displaying.

There are two alternatives. Always use an SSL server to retrieve captcha content. Or offer an additional parameter in the plugin that allows the admin to force SSL.

I can't think of a reason not to always use SSL to retrieve captcha content.
Al Warren
This ain't my first rodeo. Red Foreman says it best.
CQDX de WR5AW

Locked

Return to “Joomla! 2.5 Bug Reporting”