Please fix insecure elements on Jobs & Experts when using https certified SSL.

Hi,
I am embarking on fixing the insecure element warnings some people are getting when using Jobs and Experts on our encrypted SSL protected site. We have a fully commercially certified SSL we pay for on that site and when Jobs and Experts pages are used there are warnings that it is calling things unencrypted. Usually plugins will take the setting used by the site admin and encrypt things using the root specified, but this seems to be calling something unencrypted or connecting to a third party unencrypted. I see various questions and potential fixes on this but can you please give this as a feature request to fix the plugin, as it should not be doing this if the site is SSL.
I double checked with tester and the warning only pops up when she tests the Jobs & Experts page so far. If you think this may be something else with our site, and not the plugin, please let me know though.
Thank you!

  • Aurelio

    Hi Ari. Thank you for your response!
    Is the plugin calling it's own fonts maybe?
    That is odd, because the error only seems to show up on the Jobs and Experts page.
    I know with quite a few of the themes I need to overwrite the calls to google fonts as can be called hard-coded http insecure element, and also risking slowing the site sometimes, as I've had fonts and apis stick every once in a while when called from third parties. I don't use chrome, but in Safari, as soon as I click the Jobs and Experts page my secure padlock confirmation on the webpage disappears, indicating insecure elements. If I click on members list, for example, the secure confirmation comes back.
    Looking at source, now I see the google fonts reference you mention. DarkElements is calling google fonts but it looks like a relative reference that is keeping the website encrypted on other pages, maybe. I only asked in regards to this plugin because I get the insecure warning only on the Jobs and Experts page or My Activity, and security confirmation pops back up when I click off of Jobs and Experts to other pages. Are you seeing it elsewhere? I will hunt down what's doing it on my activity, probably an activity plugin, but I don't know why specifically I get it on Jobs & Experts page.
    Thank you again for your help

  • Aurelio

    Also I tried Opera and as soon as I click on Jobs and Experts, i get the insecure elements blocked notification. If I click around the site elsewhere, the security confirmation pops back up. I have enabled access if you want to take a look. I've disabled all other activity type stuff and tried a test user and I only get that insecure element warning now on the Jobs and Experts page from various browsers, for some reason. Thank you for your help.

  • Aurelio

    Hi Ari,
    Any word on why the Jobs & Experts page specifically is calling insecure google fonts, causing encryption validation warnings?
    I found out what was causing the other ones. The activity plus plugin post links function is pulling third party content from insecure sources on each page view. Is there a setting for it to cache the images or youtube reference, or make it encrypted? Otherwise, on pages where a link was posted, the insecure elements warning appears. I've narrowed down insecure element references to the Jobs & Experts page, and the only custom code I have on that virtual page is the default shortcodes that show up. Also on the activity posts where the user used activity plus link postings. The activity plus could be fixed by caching the images or thumbnails locally, but I don't see the setting.
    I have no idea why the Jobs & Experts page specifically is calling insecure google fonts on each page load though. Thanks for any help!

  • Aurelio

    I was able to search through the code and see Jobs and Experts calling google fonts with calls like:
    @import url(http://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800)
    How do you disable this? Calling third parties is a little bit of a privacy issue these days, unless there is a specific need for services, and I don't think calling google fonts (even if it was encrypted) is necessary to display the support front end. Maybe it would be easier to allow us to use our own theme fonts and styles, or an option section to use desired fonts, including local/regular ones.
    But I did find it was Jobs and Experts calling/sending this third party data and creating insecure elements on the Jobs & Experts page.
    Can you please give me the easiest and future-proof code you recommend to get rid of these insecure element errors and remove the dependence on insecure/third party data calls for this plugin? I know with some themes it was as simple as a one-liner I could throw in a custom plugin.
    Thank you!

  • Aurelio

    Ok! I will do this. And thank you for tagging the developer, as my main worry in directly changing the code would be updates over-riding the changes, and I'd very much like to stay up to date without worrying about that. I maintain a custom plugin to throw misc. over-rides in, so if there are a few lines I can throw in there, to future-proof a little, that's an option too. If there is an option to the approach, my first choice would almost always be to just disable google fonts or any other calls 3rd party calls on user page loads, unless for specific services that need to know of course, like a yelp review :slight_smile:.
    Thanks so much Ash!

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.