IA Modules eCommerce Documentation

Have a question? Email support@iamodules.com to create a ticket in our ticket system.
 

Fixing insecure warnings

Sometimes you will see an insecure popup warning like this:

When you do, you should choose NO. then look and see what is missing. you should see images or something missing from the page that you see in http:// mode just fine.Alternatively you can also do a right click view source, then ctrl+F (find) looking for 'http://' . Note, you may see some that won't matter. the ones that do matter have a ' src=http:// ' which is forcibly bringing the asset into the page insecurely. When you find them you will have to deduce which file of your sites is outputting that. Commonly it could be your header, store home, side menu or footer xsl/htm files. You will want to check them.

To understand more and how to fix, see below:

Often it is because you did a FULL ABSOLUTE link to a asset (image or flash/swf or javascript file, etc.) like:

You or your html editor put a full url in to assets on your own site like:
<img src="http://www.myIAMstoredomain.com/images/someimage.jpg" />

Just change the 'src=' value to NOT INCLUDE the 'http://www.yourdomain.com part.
In the example just above you would change to:
<img src="/images/someimage.jpg" />
Surfer's browsers will automatically fill in the appropriate leading details for you. Problem solved.

...OR...

The file is hosted by some other site.... You want to refer to it....like:
http://www.someOtherDomain.com/images/theirimage.jpg .

The best thing to do is ALWAYS copy it to your own site and reference it using a RELATIVE url like :

/images/theirimage.jpg

Again, if it is on your server, this will work fine. Ditto for javascripts.99% of the time, this is the ideal solution.

Now, IF YOU CANNOT OR ARE NOT ALLOWED to put a copy on your own server, you need to use a javascript to dynamically write out html corrected that figures out what mode you are in. This is the case with google analytics scripts, for example.

say you have:
<script type="text/javascript" src="http://www.somedomain.com/scripts/team_link.js" ></script>
You can see the FULL ABSOLUTE url in the src. This won't play nice in your https mode of your site. You have to make it dynamically choose the protocol and write it out correctly on the fly. This is simple to do. An example you can use is below:

<script type="text/javascript">var JsHost = (("https:" == document.location.protocol) ? "https://" : "http://");
document.write(unescape("%3Cscript src='" + JsHost + "www.somedomain.com/scripts/team_link.js' type='text/javascript'%3E%3C/script%3E"));
</script>

Using this instead of the previous code will cause the browser to dynamically choose the right protocal because the JavaScript is writing it out correctly depending on the browsers mode at that moment.

If you still encounter problems it may be because the host that has the asset you want does not have a good or valid SSL certificate.

It can also be because the other sites script also writes things out poorly, hard coding output of an image to http mode all the time. In this case, you NEED to communicate with the host and ask how to proceed.

You can prove it to the other host with these steps:

You want to see the results of a javascript like that to see what it is actually ouputting:
1. go to page in firefox
2. then do ctrl+a
3. then do view / selection source
4. This will show the altered source of the page instead of original and you should see what was outputted and if it did it's job of http/https switch or not.
© 2013 IA Modules, LLC
All rights reserved.