Sep 28, 2020, 01:17 PM

News:

Keep an eye on your notifications page. It can get huge.


Mixed content errors ?

Started by LandyVlad, Jan 30, 2020, 08:24 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

LandyVlad

For some reason https on my forum has disappeared.
When I can get access (I'm behind a firewall at the moment not allowing cpanel access)I'll have to check the htaccess file etc


That aside I am also getting the following error from whynopadlock.com

QuoteMixed Content - Errors
Hard Failure
A file with an insecure url of "http://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit"; was loaded on line: 632 of https://gsx1400owners.org/forum/.
________________________________________
This URL will need to be updated to use a secure URL for your padlock to return

So.. that doesn't say what actual file is involved (only line 632 which in itself isn't all that helpful).



Does anyone know how I can go about rewsolving this problem? Thanks. 


Link to deatils  https://www.whynopadlock.com/results/2760cc84-2bff-4c9d-aef4-d82c18b27591


I reject your reality, and substitute my own.

Skhilled

Ok, according to what you've posted you are:

1.  Not forcing HTTPS on your server. The best way is using .htaccess like this:

https://www.docskillz.com/docs/index.php?topic=1214.0

2.  For the Hard Failure: "A file with an insecure url of "http://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit"; was loaded on line: 632 of https://gsx1400owners.org/forum/";:

Notice the "http"...should be "https". You'll need to find where that is and change it.

3.  For the Soft Failure: "An image with an insecure url of "http://gsx1400owners.org/forum_test/gallery/0/1-120417193811-3682443.jpeg"; was loaded on line: 481 of https://gsx1400owners.org/forum/.";

There's an image either in a mod or coding OR posted in a topic somewhere with "http" instead of "https".

In order to have a fully https site you must make sure all links, coding, etc. are using https instead of http. For some of it you can go into phpmyadmin and easily change all instances of change "http" to "https" via the database. The rest you'll probably have to do manually by searching your forum for "http" and making the appropriate changes. You'll also want to let your users know they should use "https" when posting any links or attachments.

LandyVlad

Thanks. Yeah the soft failure is in a test forum which I plan to get rid of anyway (just need to ensure I do so in a way that wont destroy anything else)
I reject your reality, and substitute my own.

LandyVlad

Ok re forcing https

This is the structure on my server (abbreviated to relevant portions)
(/home/gsxowner). Has htaccess file? YES
  public_html. Has htaccess file? YES
      forum. Has htaccess file? NO
      forum_test. Has htaccess file? YES
      test21forum.  Has htaccess file? NO
      wp. (This is my wordpress site) Has htaccess file? YES

I added the two requisite lines to the htaccess file in my site root folder (/home/gsxowner)


<IfModule mod_headers.c>
Header set Connection keep-alive
</IfModule>

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteRule .* - [E=noabort:1]
RewriteRule .* - [E=noconntimeout:1]

Doing a refresh on the site and its still showing as not secure.

I should note that the forum is in a subfolder
i.e. http://gsx1400owners.org/forum


If I look in the public_html folder there is an htaccess file there also

<IfModule mod_headers.c>
Header set Connection keep-alive
</IfModule>

RewriteEngine On
RewriteRule .* - [E=noabort:1]
RewriteRule .* - [E=noconntimeout:1]



RewriteEngine on

RewriteOptions inherit
RewriteCond %{HTTP_HOST} ^gsx1400owners\.org$ [OR]
RewriteCond %{HTTP_HOST} ^www\.gsx1400owners\.org$
RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^/?$ "http\:\/\/gsx1400owners\.org\/wp" [R=301,L]
RewriteCond %{HTTP_HOST} ^gsx1400\.online$ [OR]
RewriteCond %{HTTP_HOST} ^www\.gsx1400\.online$
RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^/?$ "http\:\/\/www\.gsx1400owners\.org\/wp" [R=301,L]
RewriteCond %{HTTP_HOST} ^gsx1400\.uk$ [OR]
RewriteCond %{HTTP_HOST} ^www\.gsx1400\.uk$
RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^/?$ "http\:\/\/www\.gsx1400owners\.org\/wp" [R=301,L]
RewriteCond %{HTTP_HOST} ^gsx1400owners\.net$ [OR]
RewriteCond %{HTTP_HOST} ^www\.gsx1400owners\.net$
RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^/?$ "http\:\/\/www\.gsx1400owners\.org\/wp" [R=301,L]
RewriteCond %{HTTP_HOST} ^gsx1400owners\.online$ [OR]
RewriteCond %{HTTP_HOST} ^www\.gsx1400owners\.online$
RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^/?$ "http\:\/\/www\.gsx1400owners\.org\/wp" [R=301,L]
RewriteCond %{HTTP_HOST} ^gsx1400owners\.uk$ [OR]
RewriteCond %{HTTP_HOST} ^www\.gsx1400owners\.uk$
RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^/?$ "http\:\/\/www\.gsx1400owners\.org\/wp" [R=301,L]
 

There is no htaccess file in the forum root directory.

So the question is - which htaccess file needs to be done (and will that affect all below it)
Which directories should have htaccess files? Would an htaccess file in a forum directory override the previous htaccess file it had seen (eg in public_html)?

I'm confused at this point  :hwhat
I reject your reality, and substitute my own.

LandyVlad

OK I just went and pasted the code into the poublic_html htaccess filer, and the forum is now showing with the padlock :rgton  :vcool


I'd still love to know the answers to my above questions though so I can get my head around it.  Ta.
I reject your reality, and substitute my own.

Skhilled

Jan 31, 2020, 09:43 AM #5 Last Edit: Jan 31, 2020, 09:46 AM by Skhilled
If you put it in root then it should affect all subdirectories that use the same root domain, addon domain, etc.

I actually haven't tried putting one in a subdir because the one in root works for them all. But I do believe adding one to a sub would override the one in root but as I've said I've never tried it.

lurkalot

Quote from: Skhilled on Jan 31, 2020, 09:43 AMBut I do believe adding one to a sub would override the one in root but as I've said I've never tried it.

It does. ;)

Skhilled

Yeah, I thought I remembered reading that a few times awhile back.

LandyVlad

I didn't create any of the htaccess files or their contents in the subdirectories that's why I'm confused.

I suppose that smf creates an htaccess file when installed? Or does it?
I reject your reality, and substitute my own.

Skhilled

No, you must create it. Your panel may or may not create one in your root folder but you'll need to create one if one's not there. If you use cPanel then you may have to go to File Manager -> Settings and enable "Show hidden .dot files" to see it.