X-Cart forums

[Ceolas]

I'm having problems with the 'Do you want to display insecure elements yes/no' alert when switching to https. I have gone through the checkout page about 20 times looking for the http call, and I think I could use a fresh eye.

Anyone see anything insecure? or anything else that would cause this?

All Images should be called via {$ImagesDir}, and everything I see has the ../skin1/images/ inserted.


http://www.scrubsandscraps.com/xcart/

Thanks

[shan]

set up a test account and ill take al look

[Ceolas]

Anyone find anything?

I'm starting to think this is server related, since I can't see anything pulling from http, only from ../. But I've been known to not see something until it bites me sometimes.

Thanks
David

[shan]

in config.php see if your https setting has www in it

if so just get rid of the www and try that

[Ceolas]

$xcart_http_host ="scrubsandscraps.com";
$xcart_https_host ="lx2.mindstate.com/scrubsandscraps.com";
$xcart_web_dir ="/xcart";

I took the www. out of the http just in case, but no change.

Is there an easy way to make the {$ImagesDir} tag be replaced by the full http or https call instead of relative calls to the images?

lx2.mindstate.com/scrubsandscraps.com/ instead of ../images/art/

[shan]

the whole point of the {$ImagesDir} tag is that it doesnt have hard coded http or https.

[Ceolas]

Figured it out...

<OBJECT classid="clsid27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://active.macromedia.com/flash2/cabs/swflash.cab#version=4,0,0,0"
ID=topflash WIDTH=233 HEIGHT=82>

When including Flash and Director pieces the .cab call causes the security error. Macromedia has an https protocol in place so just change the above code to:

<OBJECT classid="clsid27CDB6E-AE6D-11cf-96B8-444553540000" codebase="https://active.macromedia.com/flash2/cabs/swflash.cab#version=4,0,0,0"
ID=topflash WIDTH=233 HEIGHT=82>