SSL works on admin backend but doesnt work on main website due to mixed content

Need help with the Administration of your Joomla! 3.x site? This is the spot for you.

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Post Reply
idowu
Joomla! Apprentice
Joomla! Apprentice
Posts: 25
Joined: Wed Nov 12, 2008 1:23 pm

SSL works on admin backend but doesnt work on main website due to mixed content

Post by idowu » Thu Feb 22, 2018 10:31 am

Hello,

I am getting errors like

"was loaded over a secure connection, but contains a form that targets an insecure endpoint"

"The page at 'https://cybuds.com/index.php' was loaded over HTTPS, but requested an insecure script 'http://connect.facebook.net/en_GB/all.js'. This request has been blocked; the content must be served over HTTPS."

How can I resolve these so that the page content can be secure

User avatar
fcoulter
Joomla! Ace
Joomla! Ace
Posts: 1665
Joined: Thu Sep 13, 2007 11:39 am
Location: UK
Contact:

Re: SSL works on admin backend but doesnt work on main website due to mixed content

Post by fcoulter » Thu Feb 22, 2018 11:38 am

All the content that your page loads must be over https, so you would need to use https://connect.facebook.net/en_GB/all.js for the script that you mention.

I assume that this script is used by a facebook plugin (or possibly your template, or a module), check the settings for the plugin etc, see if it includes the option to load over https. If it does, problem solved. If not, check with the developer to find out what can be done, eg if they are going to make an update.

Or find another plugin, there is no lack of facebook plugins.

The same goes for any other content that produces warnings. Sometimes the content may be an image on your own site, in that case you simply need to find where the image is being loaded and change its url.
http://www.spiralscripts.co.uk for Joomla! extensions
http://www.fionacoulter.com/blog my personal website
Security Forum moderator :: VEL team member
"Wearing my tin foil hat with pride"

idowu
Joomla! Apprentice
Joomla! Apprentice
Posts: 25
Joined: Wed Nov 12, 2008 1:23 pm

Re: SSL works on admin backend but doesnt work on main website due to mixed content

Post by idowu » Thu Feb 22, 2018 9:35 pm

Hello,

Thanks for the feedback.

I have found the facebook plugin that caused the problem and disabled it temporarily and that eliminated about 6 errors.

Now I have two errors left and can't locate the files that need to be edited because there are no such urls (http://fonts.googleapis.com/css?) the specific files (cybuds.com/index.php) on the error messages. Please check

Mixed Content: The page at 'https://cybuds.com/index.php' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family= ... 00,600,700'. This request has been blocked; the content must be served over HTTPS.

jquery-migrate.min.js:2 JQMIGRATE: Migrate is installed, version 1.4.1
index.php:155 Mixed Content: The page at 'https://cybuds.com/index.php' was loaded over a secure connection, but contains a form that targets an insecure endpoint 'http://cybuds.com/index.php'. This endpoint should be made available over a secure connection.

User avatar
fcoulter
Joomla! Ace
Joomla! Ace
Posts: 1665
Joined: Thu Sep 13, 2007 11:39 am
Location: UK
Contact:

Re: SSL works on admin backend but doesnt work on main website due to mixed content

Post by fcoulter » Thu Feb 22, 2018 10:58 pm

This is the code on your page that is loading the insecure stylesheet:

Code: Select all

<link rel="stylesheet" href="http://fonts.googleapis.com/css?family=Open+Sans:400,300,600,700" type="text/css" />
It is loading a Google font. It is probably in your site template, if so you will need to edit the template so the stylesheet is loading over https instead.

The insecure form is the newsletter subscriber form, I assume it is a module. You will probably need to modify the module so that it submits via https .
http://www.spiralscripts.co.uk for Joomla! extensions
http://www.fionacoulter.com/blog my personal website
Security Forum moderator :: VEL team member
"Wearing my tin foil hat with pride"

idowu
Joomla! Apprentice
Joomla! Apprentice
Posts: 25
Joined: Wed Nov 12, 2008 1:23 pm

Re: SSL works on admin backend but doesnt work on main website due to mixed content

Post by idowu » Fri Feb 23, 2018 3:57 am

Hello,

I just disabled the newsletter module and the https now works.

Though the "google fonts" error still exists, ssl now works. Do I still need to do anything about the font?


Post Reply

Return to “Administration Joomla! 3.x”