SSL, endless security warnings

Hello people,

If anyone here is kind to just explain me what is happening with my site, because for each click in IE7. the warning message appears

"This page cointains both secure and non secure items. Do you want to display the nonsecure items?"

It is very annoying especially that i do not have outside content, Not even Google Ads. But a user for sure will not stand it when he will have to click "OK" on each link he is clicking. One click, one warning and so on...

I am desperate because i paid enough for an SSLwhich suposed to make things better and safer. But 99,9% of the users would not like to click Ok on each page they go. Thank you all in advance.

... and i must specify. I have no addons, no module, but Dolphin 6.1.4. I tried to figure it out and follow links where it can leak, but no...

OR!!! Is it Dolphin Script sending out informations to BoonEx and that's why appears as "non secure"? In this case we got an issue here...

turn down  your security setting on your browser. try FF and see if you are getting the same warnings. I am sure this is just something coming from your A) firewall settings or B) your security settings on IE

good luck,

DosDawg

Well, i know about the browser's setting, but this wil solve the problem only local. I will sure lose visitors because of this. Because there are 2 possibilities:

1. They leave directly because of the warning, especially that nowadays are lots of dangerous things on web and people are very cautious.

2. They decide to ignore the alert once, twice 3,4 times, until they get iritated by the message and leave, thinking that "Hey this a bullshit website".

Not everyone knows how to locally fix this issue in their browser, and most of them if not 80% are using the default settings of the IE Browser. We do use Firefox because we know why and we are motivated. But a lady of 40+ years looking for "the one" wont know these facts.

In conclusion, this is a huge disadvantage for me, and for some others. Because me, as a webmaster i make sure the user to be safe, his data to be kept private and so on. And what happens? It makes it worse than if was NOT taking care of using an SSL. And there you go... you lose because you invest interest in your user's data safety.

Now people tell me... IS IT FAIR???

Oh, and 1 thing i discovered just now. It doesn't happen to the unauthenticated users. Only to logged in users. Now i don't know what to think... Or where to search...

I think that's the problem.

Dolphin calls home and it is probably not calling to an https connection. What Boonex needs to do is add a switch statement that gets activated by the admin to use an https connection or http.

And yeah, just for a simple reason we lose money and visitors... again. Cause not everybody will thrust to pay a membership when they see a website with no security.

If it's payment issue then you can break out the payment details out of the Dolphin site pages. You don't need to use the existing Dolphin pages to allow members to buy from your site.

Its not only about the checkout issue, but also about protecting user's private data as an whole. I just made some diggings on forums about this alert and about how IE detects the contents as "mixed" (secure and non-secure) .

I extracted some quotes from there and i also have the same opinion if not because of Dolphin sending data to Boonex via http then it can be this:

"... you need to dig into iframes. If you have any iframes in your output (dynamic via Javascript/DOM or static on the page) be sure to specify the src attribute, and not just any src attribute will do. Options include “#”, or “javascript:void(0);” or even "javascript:'<html></html>';".

"

Now when that does not bear any fruit it’s time to really dig deep. I found out that when you are manipulating a DOM element (lets say creating a DIV tag), and are setting its style.background property to a incomplete url, for example:

div.style.background="url(/images/message-top-left.png) ";

It seems that IE7 (and only IE7) will make this request over 443, but treat the data as one of these pesky “nonsecure items”.

So, the work-around which I implemented was to specify the FULL url like:

div.style.background="url(“+prefix+“/images/message-top-left.png) ";

Where “prefix” is something along the lines of:

prefix = document.location.protocol + "//" + document.location.hostname;"....

So, with other words people like me must re-write the most paths of Dolphin.

Any chance this modification will make its way into Dolphin 7?  This seems like a pretty significant change for me to maintain on my side and the suggestion seems like a good fix.

Thanks! - JS