CiviCRM Community Forums (archive)

Opened the Social Networking template at "/templates/CRM/common/SocialNetwork.tpl" and changed http:// to https:// on lines 38, 41, 48 and 56.

Now, event info pages have no warnings! 

xavier,

Changed "/templates/CRM/common/SocialNetwork.tpl" again to test your suggestion removing "https:" from lines 38, 41, 48 and 56. After clearing the caches, it appears to load the social networking resources over https.

Checked the source of the page and can confirm that "//" works.

Created 'bug' in Issue Tracker with patch.

(Please check patch as it is my first ever...)

As requested, the link to the issue:

http://issues.civicrm.org/jira/browse/CRM-9886

Will post back with the link/patch for the Google.tpl

Since a few of us are looking into this SSL stuff with CiviCRM, I have another issue that's related. My browser's kept telling me that my CiviCRM site was insecure, and after resolving BOTH the social network issues and the Google Maps problem, everything's weeded out except for one thing.

CiviCRM is making insecure calls to a few more things. It does so on ALL of my CiviCRM pages, especially donation & membership signups (which will likely scare the bejeebus out of potential donors if they see it). What's very strange is that Internet Explorer doesn't seem to have any issues with these insecure calls, but Google Chrome does.

Here's a readout of Chrome's Console section. You can use this to identify EXACTLY what insecure content is being loaded. Follow this link for directions.

My readout:

The page at https://www.midwestrenew.org/civicrm/contribute/transact?reset=1&id=6 ran insecure content from http://midwestrenew.org/sites/all/modules/civicrm/packages/tinymce/jscripts/tiny_mce/jquery.tinymce.js.

The page at https://www.midwestrenew.org/civicrm/contribute/transact?reset=1&id=6 ran insecure content from http://midwestrenew.org/sites/all/modules/civicrm/packages/tinymce/jscripts/tiny_mce/tiny_mce.js.

The page at https://www.midwestrenew.org/civicrm/contribute/transact?reset=1&id=6 displayed insecure content from http://midwestrenew.org/sites/all/modules/civicrm/packages/jquery/css/images/arrow.png.

The page at https://www.midwestrenew.org/civicrm/contribute/transact?reset=1&id=6 displayed insecure content from http://midwestrenew.org/sites/all/modules/civicrm/i/mini_cvv2.gif.

Even though my .htaccess forces these calls to load as "https", the module is performing calls to "http". Changing the editor to CKEditor yields the same issue, changing it to plain text makes it go away (but let's be honest, that is not a fix). As far as the Arrow and mini_cvv2 images....not sure why that is.

I'm going to download a copy of my module and try to figure out where these calls are being made from, if any CiviCRM devs out there want to give it a go that'd be great.

Hi,
If you find in the code the places where it's included and replace the "http://" by "//" it should work.

This being said, not sure why it's including tinymce, do you have custom fields? What's your CMS configuration?

I'm assuming you have configured civi to use SSL?

X+

Yes I do have custom fields.

My CMS configuration? I'm running 4.1.1 on Drupal 6.25.

I configured Civi to "Force Secure URLs" (set to Yes), and my Resource URLs all point to https.

I'm confused. You are having https://example.org/... as your resourceBase AND you still have http://links?

Would be good you find the cause and submit a patch, so you won't have to do the patch manually at each upgrade and could solve the pb for others as well.

X+

christopherleslie,

I have checked my install for similar offending scripts and cannot find any.
Looking at your error below may indicate SSL certificate issues;

The page at https://www.midwestrenew.org/civicrm/contribute/transact?reset=1&id=6 ran insecure content from http://midwestrenew.org/sites/all/modules/civicrm/packages/tinymce/jscripts/tiny_mce/jquery.tinymce.js.

Let me explain (you probably know this already);
Standard SSL certificates are valid for only one site: subdomain.domain.tld OR domain.tld. Therefore a www subdomain would need a separate SSL certificate to domain.tld. The error above occurs as a result of a script executed at subdomain.domain.tld referencing resources/content outside of SSL at domain.tld.
A quick look at your site indicates that redirects are working (or should work) from non-SSL /non-www requests (and vice-versa).
Could you look at your civicrm.setting.php file and check if the following works?

define( 'CIVICRM_UF_BASEURL'      , 'https://www.midwestrenew.org/' );

I have also had problems with users linking images located external to https inside the WYSIWYG editors - causing all sorts of insecure warnings...