contrid — 2013-11-26T14:49:13-05:00 — #1
We have an issue with our SSL not validating.
It says there are insecure elements on the page, which is not the case since a refresh then shows it validates.
When browsing on http:// and going to or redirecting to https:// causes this problem.
When browsing on https:// already and going to another https:// page doesn't cause this problem.
Any ideas why?
We are stumped.
All the best
cpradio — 2013-11-26T14:52:35-05:00 — #2
Can you elaborate on that part? Are you using htaccess to handle the redirection? If so, can you provide the Rule you are using? Are you using something else?
contrid — 2013-11-27T04:02:21-05:00 — #3
I'm currently using PHP header location but I've tried .htaccess mod_rewrite as well.
Is there a specific header needed? 301 maybe?
ralphm — 2013-11-27T04:26:58-05:00 — #4
Do you have links to any assets on the page (such as images) that start with
http://? That's often the cause of problems.
contrid — 2013-11-27T04:31:53-05:00 — #5
Nope, no insecure elements/resources with http:// . All resources are https://
The SSL shows insecure and refreshing the page makes it validate and work as expected.
contrid — 2013-11-27T04:38:03-05:00 — #6
I can show you the page but I'm not sure if I'm supposed to paste links here
mittineague — 2013-11-27T04:51:58-05:00 — #7
If it's your Sig cart, my wild guess is the search form action attribute.
If the site isn't "family friendly" you could PM to either of us. (though I'm going offline to get some sleep now)
cpradio — 2013-11-27T05:56:12-05:00 — #8
I agree with Mittineague, and I also feel this is a case where providing the link will help you get a better response (otherwise, we can guess till were blue in the face).
If it is family appropriate, feel free to provide it (if you don't mind everyone will see it), otherwise, feel free to PM a few of us it and we'll take a closer look.
contrid — 2013-11-27T06:08:16-05:00 — #9
Thank you for your responses, guys.
It is the link in my signature: http://tribulant.com
From the home page, add something to the cart by clicking "Buy It Now" button on any of the products in the slider.
You'll see it adds, redirects to the cart which is on https:// (SSL) but it doesn't validate. Refresh the page and then it validates.
With something in your cart, go to the home page again which is http:// (non-SSL).
Then click the "My Shopping Cart" link in the header to go to https:// (SSL) cart page, it doesn't validate.
Then clicking that link again or refreshing, it works.
We've used SSL on many sites and never seen this problem.
It also used to work fine. I'm just stumped, that's why I'm posting here because there are very savvy and clever guys here which could spot something which we cannot.
contrid — 2013-11-27T06:09:08-05:00 — #10
Basically from the message above... going from https:// to https:// works fine.
But going from http:// to https:// doesn't... it doesn't validate and only validates with a refresh.
contrid — 2013-11-27T06:16:02-05:00 — #11
Yes, it was the search form action attribute.
I changed it to https:// and it seems to have fixed the problem.
Never seen this before.
I assume it's not the actual attribute but rather something that the Google CSE script running on that form does with it as the document has finished loading?
Either way, thanks for your help, I think it is sorted now
contrid — 2013-11-27T06:31:27-05:00 — #12
Maybe I spoke too soon, the problem is not resolved. I may have had cache
cpradio — 2013-11-27T07:30:50-05:00 — #13
Not sure if this makes a difference but your fonts.css uses http://themes.googleusercontent.com for the Open Sans url. In fact that seems to be what it is complaining about. Here is what I have in Chrome Developer Tools:
contrid — 2013-11-28T07:11:35-05:00 — #14
Yes, you are right, thank you for that. That solved the problem.
What a hassle... I never bothered to look into the CSS files to see the sources they are loading.
Thanks again man!