HTTPS Breaks Some of the External JS Calls

The following files are calling an insecure version of external javascript libraries. This causes the external scripts to be blocked by some browsers and causes page errors. I have resolved this by editing the plugin to use http or https respectively based on the origin web address.
social-marketing/lib/services/class_wdsm_facebook_service.php
social-marketing/lib/services/class_wdsm_twitter_service.php
social-marketing/lib/services/class_wdsm_linkedin_service.php

Example:
Changed this:
public function add_js () {
echo '<script type="text/javascript" src="http//platform.twitter.com/widgets.js"></script>';
}

To this:
public function add_js () {
echo '<script type="text/javascript" src="//platform.twitter.com/widgets.js"></script>';
}

Thanks,
Kris

  • Adam Czajczyk

    Hello Kris,

    I hope you're well today and thank you for your question!

    The libraries that produce that are "3rd party" libraries and I suppose they just hasn't been updated and that's why they stayed in our plugin in their original (not compatible with SSL) form.

    That however is an important compatibility/security issue and I'm pretty sure we would be able to fix these issues so I already reported this as a security bug to our developers. They'll review the plugin code against it.

    Thank you for reporting this!

    Best regards,
    Adam