Home » Forums » General » General Discussion

Page contains both secure and nonsecure items error

Submitted by amaria on Sat, 09/06/2008 - 11:09
amaria
Posts: 28
 Joined: 04/04/2008

I'm getting this error on the checkout page (and only the checkout page), and have been since I've been using Ubercart and SecurePages. SecurePages is setup to secure these url's...
node/add*
node/*/edit
user/*
admin*
admin/*
cart/checkout
cart/checkout/review
cart/checkout/payment_details/*
cart/checkout/complete

And ignore these:
*/autocomplete/*
files/*
misc/*

I unset all of the css and js files except all ubercart js files, drupal.js and jquery.js yet I still get this error. I don't have any image url's with http: as opposed to https:. I started unsetting ubercart js files (at least the ones that won't break the page entirely) to see if any of those are causing the error and it turns out that unsetting the uc_taxes js file causes the error to go away.

Does anyone know why that would be the cause??

UPDATE
- I changed the theme from custom to Garland, error still persists.
- I unset "Show the order total preview on the payment pane.", error goes away!

--

Chisholm Technologies, Inc.
Custom software development since 1999!
www.chisholmtech.com
permalink #1 Sat, 09/06/2008 - 13:28
amaria
Posts: 28
 Joined: 04/04/2008

After further investigation, I commented out the line referring to throbber.gif in uc_payment.js and the error goes away. Very strange. This happens in I.E. 6 and 7. FF is Ok.

--

Chisholm Technologies, Inc.
Custom software development since 1999!
www.chisholmtech.com

permalink #2 Mon, 09/08/2008 - 09:30
Ryan

Posts: 5353
 Joined: 08/07/2007
AdministratorHead Code Monkey - I eat bugs.

Curious... can you solve it by adding the throbber's path to your SecurePages settings? It should be misc/throbber.gif or something like that.

permalink #3 Mon, 09/08/2008 - 19:31
amaria
Posts: 28
 Joined: 04/04/2008

Yeah, I had done that and still no luck. I wonder if it has something to do with jquery? I used jquery_update module to make sure I have the latest version of jquery for use with some things I'm doing with thickbox.

--

Chisholm Technologies, Inc.
Custom software development since 1999!
www.chisholmtech.com

permalink #4 Tue, 09/09/2008 - 17:45
Akwaaba
Posts: 2
 Joined: 09/05/2008

I also found it gave the error when you click "Click to calculate shipping" and the order total pane shows. The throbber appended to basePath (typically http://www.example.com0, not https://www.example.com), and I don't beleive Secure Pages will override that URL. Perhaps a relative URL would work better:

Replace line 74 of ubercart/payment/uc_payment/uc_payment.js
$('#order-total-throbber').attr('style', 'background-image: url(' + Drupal.settings.basePath + '/misc/throbber.gif); background-repeat: no-repeat; background-position: 100% -20px;').html('    ');

with:
$('#order-total-throbber').attr('style', 'background-image: url(/misc/throbber.gif); background-repeat: no-repeat; background-position: 100% -20px;').html('    ');

It seems to fix my error.

permalink #5 Wed, 09/10/2008 - 10:29
Lyle

Posts: 2259
 Joined: 08/07/2007
AdministratoreLiTe!

base_path(), on most Drupal installations, is just '/'. So your second example is equivalent to using Drupal.settings.basePath if Drupal is in your webroot. Your first example is actually in error because there shouldn't be a / before "misc". You'll actually end up with something like url('//misc/throbber.gif').

Furthermore, I just checked on a site that uses Secure Pages, and all of the images (even the throbber.gif) were retrieved over a secure connection. So it works, at least for some websites.

permalink #6 Wed, 09/10/2008 - 18:16
amaria
Posts: 28
 Joined: 04/04/2008

It's true that Drupal.settings.basePath is '/' which is why this is such a mystery to me. Furthermore I have misc/* set in SecurePages to ignore, meaning it should retrieve over https or http depending on the protocol of the page.

--

Chisholm Technologies, Inc.
Custom software development since 1999!
www.chisholmtech.com

permalink #7 Thu, 09/11/2008 - 09:12
Lyle

Posts: 2259
 Joined: 08/07/2007
AdministratoreLiTe!

Secure Pages only works on Drupal menu paths, I think. Other URLs like files and JavaScript should just use whatever the page is loaded as anyway.

Hmm...I wonder if the ignore setting is what's causing your problem. I had thought that setting meant that those paths weren't supposed to be secured at all.

permalink #8 Thu, 09/11/2008 - 14:07
amaria
Posts: 28
 Joined: 04/04/2008

It's not the ignore setting since it was happening before I added this setting. I thought ignore means SecurePages won't do anything to the url. When I didn't have my files directory listed under ignore, my CCK images wouldn't show up in add/edit mode because those pages are secure. Also, I have "Switch back to http pages when there are no matches" set.

--

Chisholm Technologies, Inc.
Custom software development since 1999!
www.chisholmtech.com

permalink #9 Fri, 09/26/2008 - 10:51
Lynn@drupal.org
Posts: 3
 Joined: 04/15/2008
Bug Finder

We have the same problem on FWK. Altering the path in that jquery line didn't help me (like Lyle says, the base_path is equivalent to '/' for me.) I also tried various securepages settings, an .htaccess redirect for /misc and using css to override the jquery css, none of which helped. The only fix I found was removing line 74 of uc_payment.js.

Maybe it would work better to apply the background image in a css file and then use the jquery to just hide/show that item?

permalink #10 Wed, 10/15/2008 - 15:58
JaceRider

Posts: 34
 Joined: 03/17/2008

Same problem... and only when using IE. Firefox and Safari don't give any warnings.