Hello,
I am getting errors like
"was loaded over a secure connection, but contains a form that targets an insecure endpoint"
"The page at 'https://cybuds.com/index.php' was loaded over HTTPS, but requested an insecure script 'http://connect.facebook.net/en_GB/all.js'. This request has been blocked; the content must be served over HTTPS."
How can I resolve these so that the page content can be secure
SSL works on admin backend but doesnt work on main website due to mixed content
Moderator: General Support Moderators
Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
-
- Joomla! Apprentice
- Posts: 25
- Joined: Wed Nov 12, 2008 1:23 pm
- fcoulter
- Joomla! Ace
- Posts: 1685
- Joined: Thu Sep 13, 2007 11:39 am
- Location: UK
- Contact:
Re: SSL works on admin backend but doesnt work on main website due to mixed content
All the content that your page loads must be over https, so you would need to use https://connect.facebook.net/en_GB/all.js for the script that you mention.
I assume that this script is used by a facebook plugin (or possibly your template, or a module), check the settings for the plugin etc, see if it includes the option to load over https. If it does, problem solved. If not, check with the developer to find out what can be done, eg if they are going to make an update.
Or find another plugin, there is no lack of facebook plugins.
The same goes for any other content that produces warnings. Sometimes the content may be an image on your own site, in that case you simply need to find where the image is being loaded and change its url.
I assume that this script is used by a facebook plugin (or possibly your template, or a module), check the settings for the plugin etc, see if it includes the option to load over https. If it does, problem solved. If not, check with the developer to find out what can be done, eg if they are going to make an update.
Or find another plugin, there is no lack of facebook plugins.
The same goes for any other content that produces warnings. Sometimes the content may be an image on your own site, in that case you simply need to find where the image is being loaded and change its url.
http://www.spiralscripts.co.uk for Joomla! extensions
http://www.fionacoulter.com/blog my personal website
Security Forum moderator :: VEL team member
"Wearing my tin foil hat with pride"
http://www.fionacoulter.com/blog my personal website
Security Forum moderator :: VEL team member
"Wearing my tin foil hat with pride"
-
- Joomla! Apprentice
- Posts: 25
- Joined: Wed Nov 12, 2008 1:23 pm
Re: SSL works on admin backend but doesnt work on main website due to mixed content
Hello,
Thanks for the feedback.
I have found the facebook plugin that caused the problem and disabled it temporarily and that eliminated about 6 errors.
Now I have two errors left and can't locate the files that need to be edited because there are no such urls (http://fonts.googleapis.com/css?) the specific files (cybuds.com/index.php) on the error messages. Please check
Mixed Content: The page at 'https://cybuds.com/index.php' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family= ... 00,600,700'. This request has been blocked; the content must be served over HTTPS.
jquery-migrate.min.js:2 JQMIGRATE: Migrate is installed, version 1.4.1
index.php:155 Mixed Content: The page at 'https://cybuds.com/index.php' was loaded over a secure connection, but contains a form that targets an insecure endpoint 'http://cybuds.com/index.php'. This endpoint should be made available over a secure connection.
Thanks for the feedback.
I have found the facebook plugin that caused the problem and disabled it temporarily and that eliminated about 6 errors.
Now I have two errors left and can't locate the files that need to be edited because there are no such urls (http://fonts.googleapis.com/css?) the specific files (cybuds.com/index.php) on the error messages. Please check
Mixed Content: The page at 'https://cybuds.com/index.php' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family= ... 00,600,700'. This request has been blocked; the content must be served over HTTPS.
jquery-migrate.min.js:2 JQMIGRATE: Migrate is installed, version 1.4.1
index.php:155 Mixed Content: The page at 'https://cybuds.com/index.php' was loaded over a secure connection, but contains a form that targets an insecure endpoint 'http://cybuds.com/index.php'. This endpoint should be made available over a secure connection.
- fcoulter
- Joomla! Ace
- Posts: 1685
- Joined: Thu Sep 13, 2007 11:39 am
- Location: UK
- Contact:
Re: SSL works on admin backend but doesnt work on main website due to mixed content
This is the code on your page that is loading the insecure stylesheet:
It is loading a Google font. It is probably in your site template, if so you will need to edit the template so the stylesheet is loading over https instead.
The insecure form is the newsletter subscriber form, I assume it is a module. You will probably need to modify the module so that it submits via https .
Code: Select all
<link rel="stylesheet" href="http://fonts.googleapis.com/css?family=Open+Sans:400,300,600,700" type="text/css" />
The insecure form is the newsletter subscriber form, I assume it is a module. You will probably need to modify the module so that it submits via https .
http://www.spiralscripts.co.uk for Joomla! extensions
http://www.fionacoulter.com/blog my personal website
Security Forum moderator :: VEL team member
"Wearing my tin foil hat with pride"
http://www.fionacoulter.com/blog my personal website
Security Forum moderator :: VEL team member
"Wearing my tin foil hat with pride"
-
- Joomla! Apprentice
- Posts: 25
- Joined: Wed Nov 12, 2008 1:23 pm
Re: SSL works on admin backend but doesnt work on main website due to mixed content
Hello,
I just disabled the newsletter module and the https now works.
Though the "google fonts" error still exists, ssl now works. Do I still need to do anything about the font?
I just disabled the newsletter module and the https now works.
Though the "google fonts" error still exists, ssl now works. Do I still need to do anything about the font?