I'm using a plugin in WordPress that uses the Google Maps API but keep getting this error:
[blocked] Access to geolocation was blocked over secure connection with mixed content to...
My site is on SSL, and I've checked that the google API script is not trying to be pulled in via http (it is https as it should be).
I'm not sure what could be causing this issue. Maybe there is something I need to do in my htaccess file? Please help! Thanks!
Check below list,
Your site have http link instead of https links, so only you facing the mixed content warning( you can fine this warning in your browser console). Find those links in your website and change those as a https links.
Add google API key in configuration.
https://developers.google.com/maps/documentation/javascript/get-api-key
Related
I am using wordpress social login 2.3.3 and enabled yahoo, twitter and facebook. But in my infrastructure i am using nginx for hosting webpage and there is another instance of nginx used for load balancing the traffic. My domain is registered and i am using non-standard port for HTTPS.
My issue is when after entering the Yahoo credentials by credentials are getting successfully authenticated and when hauth.done=Yahoo gives me sent an invalid response ERR_INVALID_REDIRECT
As per the code in wsl 2.3.3 author has already taken care of non standard port. So the issue seems to be narrowed down to Nginx configuration.
Please help!!
This is mainly because of below wrong parameters posted in general
redirect_to
baseUrl
In general it means with respect to HybridAuth that you are not landed on right page.
As you said that you are using Nginx as loadbalancer and server. You need to check your server request attributes.
You should look for
HTTP_X_FORWARDED_PORT
SERVER_PORT
HTTP_HOST
HTTP_X_FORWARDED_HOST
There can be other parameters as well, with all these attributes plugin forms correct URL.
Hope that Helps :)
ERR_INVALID_REDIRECT is caused because your redirect url in developers.yahoo.com and redirect url in plugin does not match. Try to configure them identically.
I have a Comodo SSL certificate on my host plan, however when accesing my site from google, it sends me automatically to
http://example.com, Where the green lock doesn't appear.
If I manually add "https", like: https://example.com it does show up!
Is there a way to access my website always with the green lock showing up? instead of manually having to write it everytime?
You can easily redirect to the https version of any page using rewrite rules/rewrite module of your web server (the exact way to do this depends on the webserver used). Ask your provider, this is a common case so there may even be a UI option in your console to do this.
Regarding google see this: https://webmasters.stackexchange.com/questions/67212/how-to-convince-google-to-list-https-version-of-website
It may also be good form to verify the protocol used to access the site in your authentication module and refuse authentication if the wrong protocol is used. Assuming web rules are used to redirect traffic this would to prevent leaking information due to a misconfiguration/bug.
Well i have this website made with wordpress hosted on hostgator in a web hosting. Sometimes when i access it with some browsers like firefox it give my this error:
The text is in spanish but it basicly says:
"The conection is not safe The owner of www.domain.com has configured
this website incorrectly. To protect your information againts thefts,
Firefox has not connected to this site"
Sorry for my english.
Thanks!
There are various reasons for this error. As a primary investigation, you may check below:
Make sure that you have valid CA bundle installed along with certificate.
If you have URL(s) set in your code (any web page), make sure that you have used "HTTPS://" instead of "HTTP://". Because, if there is a URL in your code which is set with HTTP, browser will detect that page as non-secured and it will not load the page and will show security error.
https://support.mozilla.org/en-US/kb/what-does-your-connection-is-not-secure-mean
When Firefox connects to a secure website (the URL begins with "https://"), it must verify that the certificate presented by the website is valid and that the encryption is strong enough to adequately protect your privacy. If the certificate cannot be validated or if the encryption is not strong enough, Firefox will stop the connection to the website and instead show an error page
I am using a combination of things and not sure where the error is coming from: I have a WordPress site with and installed SSL cert. https:www.joesmetrobox.com. I have the Cleanr theme installed and I am using WooCommerce and the Paypal Advanced plug in to use Paypal as the way I process payments.
Everything is fine until I try to submit the credit card information here: on this page: checkout/pay/?key=order_51882ad846e67&order=360 (this would be unique for transaction). Then depending on the browser I get an error:
Firefox: Security Warning: Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by others. Are you sure you want to continue sending this information?
Firebug gives me this
error: 404 error for this
wp-content/themes/cleanr/js/scripts.js?ver=1.0 and file which does
not seem to exist.
Explorer 8: Security Warning: Do you want to view only the webpage content that was delivered securely? This webpage contains content that will not be delivered using a secure HTTPS connection, which could compromise the security of the entire webpage.
Chrome: Secure Token Expired
and if I use their developer tools I also get this extra clue: Unsafe JavaScript attempt to access frame with URL https://joesmetrobox.com/checkout/pay/?key=order_5188245e1ae70&order=361 from frame with URL https://payflowlink.paypal.com/?mode=LIVE&SECURETOKEN=LvNtL1gubfE6Z5lwc2gMiQgJ0&SECURETOKENID=joesmetro51882d664015d4.15989435. Domains, protocols and ports must match.
So I am pretty stumped at this point where to even focus my attention. I am not a programmer and know just enough to be dangerous.
I am wondering if it is some kind of token setting in Paypal that I accidentally clicked and don't need? or maybe WooCommerce isn't playing nice with Paypal, Cleanr theme or maybe both.
I just want to be able to process payments without an error popping up...does anyone have ideas?
a plugin like this may help you implement HTTPS to your site.
http://wordpress.org/extend/plugins/wordpress-https/
WooCommerce Reference: http://docs.woothemes.com/document/ssl-and-https/
Insecure content warnings
If you have insecure content warnings when viewing a secure page it
means you will be linking directly to scripts, images, or stylesheets
over http instead of https. Most of the time this is simply fixed by
changing said links to https or by using relative URL’s (e.g.
/wp-content/file instead of http yoursitename/wp-content/file).
You can also use a plugin like WordPress HTTPS to force the URLS to be
secure. WooCommerce does secure scripts which are enqueued correctly.
To identify the insecure links you can use a tool such as Firebug for
firefox, or Chromes built in developer tools, and look at the error
console – insecure resources will be listed.
I want to understand the technical background why it is not possible to track an HTTPS website with Piwik, when Piwik itself is installed on an HTTP server?
Somebody said, that if you would do that the browser would come up with an error message, but why?
I mean you do an HTTPS request, and on the bottom of the site is the tracking code to the HTTP Piwik site, that gets requested immediately. What's wrong about that?
All resources (such as the requests to Piwik) of the site requested through HTTPS have to go through the very same protocol since, otherwise, you will receive varying warning messages from different browsers (along the lines of "Your connection to XYZ is encrypted, however it contains resources that are not secure [...]").
So, to alleviate the problem, also Piwik has to be available via SSL.
The Piwik Javascript snipped already checks the protocol and redirects the user to the respective protocol. Now all you need to ensure is that your Piwik installation resides somewhere that has a valid SSL certificate.