cancel
Showing results for 
Search instead for 
Did you mean: 

Mixed content SSL warning in shopping cart. Shipping estimate to blame it seems.

Mixed content SSL warning in shopping cart. Shipping estimate to blame it seems.

Hi all -

 

We are having an issue in which the browser warns of mixed content in the shopping cart. Everywhere else on the site it seems that there are no security warnings.


In Chrome's console it shows this warning:

 

Mixed Content: The page at 'https://www.oursite.com/checkout/cart/' was loaded over a secure connection, but contains a form which targets an insecure endpoint 'http://www.oursite.com/checkout/cart/estimatePost/'. This endpoint should be made available over a secure connection.

 

Any ideas on what might be going wrong with this? Our version is ver. 1.9.0.1.

5 REPLIES

Re: Mixed content SSL warning in shopping cart. Shipping estimate to blame it seems.

In a HTTPS page like the Checkout page, there should not be any content that is loaded over HTTP. 

 

One simple way to check this is to view the page's source and search for:-

src="http://

 

Anyway for your case it looks like Chrome's console is already showing you the problem, which is:-

http://www.oursite.com/checkout/cart/estimatePost/

 

You need to make sure that it is loaded over HTTPS, not HTTP. 

James Lee | Moderator • Magento Master
See My Recommended Magento Hosting & Security Tips

Re: Mixed content SSL warning in shopping cart. Shipping estimate to blame it seems.


JLHC wrote: 

You need to make sure that it is loaded over HTTPS, not HTTP. 


Thanks for the reply - this is certainly what is going on. However, we have tried a few things, such as inserting

 

'_secure'=>true

 

Into the form code, but nothing we try seems to do the trick. Any thoughts on how to force it?

Re: Mixed content SSL warning in shopping cart. Shipping estimate to blame it seems.

I know it's old and you might have surely fixed the issue, but I leave it for someone else.

 

Try this, it's working for me:

 

array('_forced_secure' => true)

 

Re: Mixed content SSL warning in shopping cart. Shipping estimate to blame it seems.

What template would that be inserted into? We're having the same issues...

 

Re: Mixed content SSL warning in shopping cart. Shipping estimate to blame it seems.

Called function has no parameter unfortunately :

public function getFormActionUrl()
{
return $this->getUrl('checkout/cart/estimatePost', array('_secure' => $this->_isSecure()));
}  

in Abstract:

protected function _isSecure()
{
return $this->_getApp()->getFrontController()->getRequest()->isSecure();
}