Unsecure LinkedIn and Twitter platforms

14 years 7 months ago #14628 by alanstylez
For a while now, my SSL certificate has been causing warnings for everyone who visits my site, likely driving many people away.

I was finally able to track down the cause of the issue and found that JFBConnect seems to be calling both the LinkedIn and Twitter platforms in an insecure manner.

Chrome developer tools logs the following warnings:

The page at nuvacord.net/en/ ran insecure content from platform.twitter.com/widgets.js.
The page at nuvacord.net/en/ ran insecure content from platform.linkedin.com/in.js.
The page at nuvacord.net/en/ ran insecure content from platform.twitter.com/widgets.js.
The page at nuvacord.net/en/ ran insecure content from platform.linkedin.com/in.js.
The page at nuvacord.net/en/ displayed insecure content from static02.linkedin.com/scds/common/u/img/...rite_connect_v13.png.

View Source presents (in part) the following:




which I assume is being called by the sharing component in JFBConnect. However, I'm not sure if there's a configuration setting I'm missing, if there's no secure API for Twitter or LinkedIn, or if there's something missing within the code.

How would I temporarily disable the calling of this script?

Can I just add http:// somewhere in the code?

What are my options?

- stylez
The topic has been locked.
Support Specialist
14 years 7 months ago #14632 by alzander
Stylez,
Yup, we're always including the http version of the LinkedIn and Twitter scripts. To fix manually, in the /plugins/content/jfbccontent/jfbccontent.php file, around line 320, you'll find the inclusion of those files (search for "linkedin.js" to get there quickly). Simply update the links to https.

I've taken note of this bug, and in the next release, we'll update it to automatically load the secure or non-secure script pages depending on the current page the user is on.

Thanks for pointing this out,
Alex
14 years 7 months ago #14637 by alanstylez
Thanks, that seemed to fix the insecure calls for Twitter and LinkedIn platforms, but it's still presenting the following:

The page at nuvacord.net/en/ displayed insecure content from static02.linkedin.com/scds/common/u/img/...rite_connect_v13.png.

I searched for other http:// in jfbccontent.php and I found one reference to Twitter, but nothing that might call the above image. So, where else can I look?
14 years 7 months ago #14638 by alanstylez
BTW, I added 's' to lines 669 and 353, but I'm still getting a dirty response...
Support Specialist
14 years 7 months ago #14644 by alzander
Alan,
That looks to be an issue with the LinkedIn share button. Although the JavaScript library is now being loaded over https, it looks like it's including an image that itself is not being loaded securely. I don't think we can fix this, but are looking into possible alternatives.

Sorry for the troubles. We can help you disable just the LinkedIn button if you want, or you can disable all the social sharing buttons (for the time being). This bug looks to have been reported to LinkedIn multiple times since about April of this year, and it's in a "We're working on it" state.

Alex
14 years 7 months ago #14649 by alanstylez
If your team could write me a snippet of code that would load the image of a .png file stored and referenced on the web server?

For example:

/plugins/content/jfbccontent/jfbccontent.php - lines 669-671

- <contact LinkedIn over http>
- <post warning to SSL certificate authority>
- <lose business>

+ <display /images/NewLinkedIn.png>
+ <transmit over SSL>
+ <everyone's happy>

Please, this is the last piece of the SSL puzzle... I don't want to give up my social media share buttons!

- stylez
Support Specialist
14 years 7 months ago #14652 by alzander
There's not really a way for us to easily override the LinkedIn button's code, since that's loaded through their own JavaScript. They actually do have a (tedious) workaround, that we're looking into, but we'd need to test it a bit first.

In the meantime, if the SSL issue is killing you, we'd recommend disabling just the LinkedIn button. To do that, you'll need to make a minor code modification, which you can see in the post below:
www.sourcecoast.com/forums/jfbconnect/jf...en-button?p=1#p14280

Thanks for pointing this out,
Alex
14 years 7 months ago #14657 by alanstylez
Commented out line 321 in /plugins/content/jbccontent/jbccontent.php and the SSL is clear... finally!

Please let me know when I can bring that LinkedIn button back.

Thanks,