Community Support Forums

Re: wikipedia links are killing ssl

2011-11-15T17:17:40-05:00

Thank you for following up, Jason. That's in opposition to what I was told by the folks at HostGator, but I assume you're a better source of info.

One of the things I've learned in this process is the importance of restarting Chrome after making a change. If you don't do that, it gives you misleading feedback.

Statistics: Posted by raygulick — November 15th, 2011, 5:17 pm

Re: wikipedia links are killing ssl

2011-11-15T16:22:48-05:00

Thanks for the heads up on this thread.

The only URLs that need to be served over SSL, are those which lead to "resources" used by the browser on a particular page of your site. Resources are defined as anything that the browser may load up in the context of a particular page on your site.

For example, if you have a JavaScript file, an image, a video, an icon, or another embedded resource that contributes to the display or functionality of a particular page, that MUST be served over SSL to prevent the infamous Secure/Insecure warning in some browsers.

However, "links" are NOT resources. Links lead visitors to another destination entirely, and are NOT classified as a "resource" for a particular page on your site. Therefore, they don't need to be converted over to an SSL protocol. For example, you might have a page that is served over SSL, with a link to a Wikipedia article. That link does NOT need to use the https:// protocol.

Related article: http://blogs.msdn.com/b/ieinternals/arc ... n-ie8.aspx

Statistics: Posted by Jason Caldwell — November 15th, 2011, 4:22 pm

Re: wikipedia links are killing ssl

2011-11-09T13:33:51-05:00

OK, I restarted my browser (after fixing all issues but the above), and I'm no longer getting insecure messages. Can someone explain to me why having this one insecure link is OK, while all other insecure links were breaking SSL?

Statistics: Posted by raygulick — November 9th, 2011, 1:33 pm

wikipedia links are killing ssl

2011-11-09T13:24:53-05:00

Why does s2member include (apparently several) http: (insecure) links to wikipedia in the paypal forms? These links result in warning of an insecure page to visitors:
Your connection to [domain] is encrypted with 256-bit encryption. However, this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the behavior of the page.

One example:

Code:: Card Verification Code ( 3-4 digits ) * need help?

I've fixed all non-secure issues except these hard-coded links in s2member, and I'm reluctant to edit them directly, as I know that's a solution that will only last until the next update.

Could you please make an update that fixes this problem? Or is there a fix to this issue that I just can't find?

Statistics: Posted by raygulick — November 9th, 2011, 1:24 pm