We have an issue with our SSL not validating.
It says there are insecure elements on the page, which is not the case since a refresh then shows it validates.
When browsing on http:// and going to or redirecting to https:// causes this problem.
When browsing on https:// already and going to another https:// page doesn’t cause this problem.
Can you elaborate on that part? Are you using htaccess to handle the redirection? If so, can you provide the Rule you are using? Are you using something else?
Nope, no insecure elements/resources with http:// . All resources are https://
The SSL shows insecure and refreshing the page makes it validate and work as expected.
I agree with Mittineague, and I also feel this is a case where providing the link will help you get a better response (otherwise, we can guess till were blue in the face).
If it is family appropriate, feel free to provide it (if you don’t mind everyone will see it), otherwise, feel free to PM a few of us it and we’ll take a closer look.
From the home page, add something to the cart by clicking “Buy It Now” button on any of the products in the slider.
You’ll see it adds, redirects to the cart which is on https:// (SSL) but it doesn’t validate. Refresh the page and then it validates.
With something in your cart, go to the home page again which is http:// (non-SSL).
Then click the “My Shopping Cart” link in the header to go to https:// (SSL) cart page, it doesn’t validate.
Then clicking that link again or refreshing, it works.
We’ve used SSL on many sites and never seen this problem.
It also used to work fine. I’m just stumped, that’s why I’m posting here because there are very savvy and clever guys here which could spot something which we cannot.
Basically from the message above… going from https:// to https:// works fine.
But going from http:// to https:// doesn’t… it doesn’t validate and only validates with a refresh.
Yes, it was the search form action attribute.
I changed it to https:// and it seems to have fixed the problem.
Never seen this before.
I assume it’s not the actual attribute but rather something that the Google CSE script running on that form does with it as the document has finished loading?
Either way, thanks for your help, I think it is sorted now
Not sure if this makes a difference but your fonts.css uses http://themes.googleusercontent.com for the Open Sans url. In fact that seems to be what it is complaining about. Here is what I have in Chrome Developer Tools:
Yes, you are right, thank you for that. That solved the problem.
What a hassle… I never bothered to look into the CSS files to see the sources they are loading.
Thanks again man!