PriMoThemes — now s2Member® (official notice)

This is now a very OLD forum system. It's in READ-ONLY mode.
All community interaction now occurs at WP Sharks™. See: new forums @ WP Sharks™

Mixed elements problem on ssl page

s2Member Plugin. A Membership plugin for WordPress®.

Mixed elements problem on ssl page

Postby accessart » January 12th, 2012, 8:42 am

Hi, we have a pro form within our wordpress page: https://www.accessart.org.uk/?page_id=5394 which directs to a ssl. All fine, except with google chrome we get a mixed elements/some laments are not secure warning because of the references to http, rather than https within our page. Because this is a wordpress install, we can't switch off the widgets on the right hand side which are pointing to external http sites, on this one page. How can we get round this - we can't be the only ones with this mixed elements/wordpress/google chrome thing going on? We can't make a clean page outside our wordpress install because s2member pro sits within wordpress so how do we get round this?

Many thanks

Paula
User avatar
accessart
Registered User
Registered User
 
Posts: 21
Joined: June 24, 2010

Re: Mixed elements problem on ssl page

Postby Raam Dev » January 13th, 2012, 8:46 pm

Hi Paula,

As you probably know, this error is being thrown by your web browser because there are some URLs in the page source that point to non-SSL URLs. If you do a 'view-source' on the Pro Form page and then search for src="http://, any src URLs that are found are the ones causing this error. (When viewing a page using SSL, they should say src="https://.)

The options for solving this are as follows:

Option 1: Disable plugins that are adding non-secure URLs to your WordPress pages (alternately, you can use the Plugin Organizer plugin to disable those plugins on just the Pro Form page)

Option 2: Create a WordPress Page Template that doesn't include your sidebar/plugins/etc., and then assign that page template to your s2Member Pro Form page.

Option 2 will be a bit more complicated because you'll need to manually recreate everything in your <head>, which is usually generated automatically by WordPress (and includes all the stuff plugins add to the <head>).

I hope this helps!
Raam Dev || Wherever you are, be there. || Please rate s2Member!
User avatar
Raam Dev
Developer
Developer
 
Posts: 810
Joined: October 26, 2011

Re: Mixed elements problem on ssl page

Postby accessart » January 14th, 2012, 6:54 am

Many thanks Raam,

my understanding was that also any http element on an ssl page (rather than https) would cause an error, is this correct? When i view source code (to get rid of them) there are two http references within s2member itself - one the s2member verified image link at the bottom of the page, and secondly the http to the wiki url about the last three digits on a card...

Would s2member consider making these https?

Many thanks
User avatar
accessart
Registered User
Registered User
 
Posts: 21
Joined: June 24, 2010

Re: Mixed elements problem on ssl page

Postby Raam Dev » January 14th, 2012, 11:08 pm

Anchor tags that refer to non HTTP URLs (such as <a href="http://example.com">link</a>) do not cause the browser to throw messages about mixed elements.

Only HTML tags that are actually loading content from a non-secure URL into the page will cause these mixed element errors. Here are two common examples that would cause problems on an SSL page:

Code: Select all
<img src="http://example.com/photo.jpg"></img>


Code: Select all
<script type="text/javascript" src="http://example.com/something.js"></script>


In both examples, you'll notice the URLs start with src=. It's the src= URLs that are loading the content from that URL into the page. If those URLs point to a non-SSL page from a page that is protected by SSL, you'll get the mixed element warning. The href= URLs are harmless.

So, the link to the wiki URL won't matter (since it's using href=). However, that image URL (src=) will cause problems.

Could you copy and paste the HTML that loads the s2Member verified image? I don't recall any s2Member image code using hard-coded URLs, but I could be wrong.
Raam Dev || Wherever you are, be there. || Please rate s2Member!
User avatar
Raam Dev
Developer
Developer
 
Posts: 810
Joined: October 26, 2011

Re: Mixed elements problem on ssl page

Postby accessart » January 15th, 2012, 3:10 am

Thanks for the reply and explanation. Here is the code you requested: (which from above I'm assuming won't cause a problem...?)

<a href="http://www.s2member.com/" onclick="window.open('http://www.s2member.com/s-badges/s-details.php?v=1&amp;site_url=https%3A%2F%2Fwww.accessart.org.uk', '_popup', 'width=752,height=702,left='+((screen.width/2)-(752/2))+',screenX='+((screen.width/2)-(752/2))+',top='+((screen.height/2)-(702/2))+',screenY='+((screen.height/2)-(702/2))+',location=0,menubar=0,toolbar=0,scrollbars=0,resizable=1'); return false;" title="s2Member&reg;"><img src="//www.s2member.com/s-badges/s-badge.php?v=1&amp;site_url=https%3A%2F%2Fwww.accessart.org.uk" style="border:0;" alt="s2Member&reg;" title="s2Member&reg; ( Security for WordPress&reg; )" /></a>

thank you
User avatar
accessart
Registered User
Registered User
 
Posts: 21
Joined: June 24, 2010

Re: Mixed elements problem on ssl page

Postby accessart » January 15th, 2012, 5:12 am

Can I ask if s2member i pci compliant? Given that any site taking payments within their site (i.e. using paypal website payments pro) and where users stay on their site to input credit card details need to be pci compliant, have any other s2member pro users gone through this process?

As we use the s2member pro plugin (as a pro form) and some of the questions we need to answer to get compliance involve analysing every system component we also need to know if s2member as a plugin is pci compliant?

Many thanks
User avatar
accessart
Registered User
Registered User
 
Posts: 21
Joined: June 24, 2010

Re: Mixed elements problem on ssl page

Postby Raam Dev » January 16th, 2012, 9:44 pm

accessart wrote:Can I ask if s2member i pci compliant? Given that any site taking payments within their site (i.e. using paypal website payments pro) and where users stay on their site to input credit card details need to be pci compliant, have any other s2member pro users gone through this process?

As we use the s2member pro plugin (as a pro form) and some of the questions we need to answer to get compliance involve analysing every system component we also need to know if s2member as a plugin is pci compliant?

Many thanks


Answered here: viewtopic.php?f=4&t=16881&p=60741#p60741
Raam Dev || Wherever you are, be there. || Please rate s2Member!
User avatar
Raam Dev
Developer
Developer
 
Posts: 810
Joined: October 26, 2011

Re: Mixed elements problem on ssl page

Postby Raam Dev » January 16th, 2012, 9:45 pm

accessart wrote:Thanks for the reply and explanation. Here is the code you requested: (which from above I'm assuming won't cause a problem...?)

<a href="http://www.s2member.com/" onclick="window.open('http://www.s2member.com/s-badges/s-details.php?v=1&amp;site_url=https%3A%2F%2Fwww.accessart.org.uk', '_popup', 'width=752,height=702,left='+((screen.width/2)-(752/2))+',screenX='+((screen.width/2)-(752/2))+',top='+((screen.height/2)-(702/2))+',screenY='+((screen.height/2)-(702/2))+',location=0,menubar=0,toolbar=0,scrollbars=0,resizable=1'); return false;" title="s2Member&reg;"><img src="//www.s2member.com/s-badges/s-badge.php?v=1&amp;site_url=https%3A%2F%2Fwww.accessart.org.uk" style="border:0;" alt="s2Member&reg;" title="s2Member&reg; ( Security for WordPress&reg; )" /></a>

thank you


That is correct. That code should not cause a mixed elements problem.
Raam Dev || Wherever you are, be there. || Please rate s2Member!
User avatar
Raam Dev
Developer
Developer
 
Posts: 810
Joined: October 26, 2011


Return to s2Member Plugin

Who is online

Users browsing this forum: Exabot [Bot], Google [Bot] and 1 guest

cron