Secure/Non-Secure Warning Fixes

By Melanie Prough on Friday, September 11, 2009
Filed Under: Zen Cart Tips, Zen Cart Tutorials

Have you been seeing this nasty warning below when checking out on your Zen Cart?

This page contains both secure and nonsecure items. Do you want to display the nonsecure items

This page contains both secure and nonsecure items. Do you want to display the nonsecure items

Most will see this in Internet Explorer only…. So shop owners using FireFox miss this all the time. Checking your store is pretty fast and easy. Load up your Zen Cart in IE and navigate to your login page to start. If you get this warning, select “No”. This will hide any unsecured images to help you troubleshoot.

Most times this errors will be caused by one of these 3 things in your cart:

  1. Unsecured images on a secured page. These are images using an absolute (Full) url to an unsecured address — http:// instead of https://
  2. CSS stylesheets will have the same issue is you are using an absolute url.
  3. Scripts- These will be Java and other scripts and bits run from a unsecured and absolute url as well.

While there are a few other things which can cause this, these are your top culprits and should likely be checked out first. Once you locate the misbehaving element in your login page, there are a few easy tricks to fixing it.

1. If the element is a CSS stylesheet or image, you can download these and upload them to your own hosting. So shopping feed icons can usually be downloaded and then recoded with a properly secured location in your hosting account. The proper way to code these elements is using a relative url for the source. A relative url is very simply the path of the source within the current directory. So something like href=” ” becomes href=”images/image.gif “. This technique allows these elements to be displayed with https:// source only when loaded from an https:// page. This is the preferred method.

2. If the image cannot be downloaded and used locally, and the originator of the source image hasn’t any SSL… You can trick your shopper’s browsers in to securing the item by tweaking the code a bit.
Take this example

<a href=”” target=”_blank”><img src=”” border=”0″ alt=””></a>

and recode it like this

<a href=”” target=”_blank”><img src=”//” border=”0″ alt=””></a>

3. Unsecured scripts are a bit more challenging. Many will have secured versions to use, like Google Analytics for example… But many more will not.  If they haven’t a secured script or the script source’s address has no SSL. They options are remove it all together or force it to stop displaying on your secured pages. This technique, //www., is not going to work often for scripts of any kind.

Once you have secured your login page’s element, make sure you go all the way through your checkout in IE in case any other pages have the warning.

Tags: , , , , ,

Comments are closed.

Template Original