Log in | Register
  1. Forum
  3. Discontinued Products
  5. JFBConnect v8.x Support (Joomla 3 Only) (CLOSED)
  7. Green Lock vs Yellow Caution/Page Not Sending to FB

Topic-icon Green Lock vs Yellow Caution/Page Not Sending to FB

Active Subscriptions:

None
7 years 10 months ago - 7 years 10 months ago #58657 by Inotachi
Hello Alex,

Using the "Share" button for Facebook, most pages send to Facebook OK. Some send the site homepage instead notwithstanding the URL file path appears normal.
In these instances the https green lock icon has disappeared and an orange caution sign appears in its place in the browser URL field.
How may I fix this on the site?
All the content is good and the images are generated using Photoshop, "Save for web & devices" as with all the others.
What can be on these page that search engines interpret as insecure?

Regards,
Last edit: 7 years 10 months ago by Inotachi.
The topic has been locked.
Support Specialist
7 years 10 months ago #58662 by alzander
I'm a little confused by what you're describing. Can you give some examples of specific pages where the https green-lock isn't showing? Is the sharing button you're using on those pages, or are you entering the URL into Faceobook's status box, or are you trying to share the URL some other way?

What can be on these page that search engines interpret as insecure?

I'm not sure how search engines are related to this. Do you mean the user's browser?

Thanks,
Alex
The topic has been locked.
Active Subscriptions:

None
7 years 9 months ago - 7 years 9 months ago #58673 by Inotachi
Hi Alex,

This is a new learning curve for me.

I'm also confused :(

I got some info here:
support.mozilla.org/en-US/kb/mixed-conte...utm_source=inproduct
and here;
developer.mozilla.org/en-US/docs/Web/Sec...e_with_mixed_content

But I'm not sue that I fully understand the implications at the present time.

My site requires mixed content and I tend to get the impression that perhaps things are as they should be???
(Yes, I meant Browser. Sorry typo.)

I will however appreciate any further light that can be shed on this in simple to understand terms, if possible.

Re: The page that does not send correctly. It appears to be a separate or related issue. In this instance I did this:
Copied the article, trashed & deleted it and re posted it and the Facebook button now sends that page top Facebook.

Solved this one, still have questions re green lock & yellow caution.

Aren't all pictures insecure & can be copied?

Regards,
Last edit: 7 years 9 months ago by Inotachi.
The topic has been locked.
Support Specialist
7 years 9 months ago #58674 by alzander
If you run a site over https, it's always recommended that all content be delivered over https. When a Javascript file or some image is loaded over http when the rest is over https, there are *some* security implications in that there are ways for a 'bad guy' to use that non-secure point as a way to peek on in the current user. The best way to think about is is that you may have locked all the doors on your house, but left one window unlocked. The important thing to also note is that some security is much, much, much better than nothing at all.

Another thing to consider is your site's need for security at all. If you're just running a blog, lets say, then encryption of the connection between your server and the user is near-useless. If you're running a banking site, it's critical. If you have a shopping cart, you should at least shoot for the green (all https) padlock on your checkout page or any page that collects personal information. On that same shopping cart site, mixed content warnings on your blog or even product pages are much less problematic.

Aren't all pictures insecure & can be copied?

There's a lot of facets to this. The padlock icon is only for securing what your site sends to the user's browser encrypted, and the same for what your users send to your site. So, it secures any communications between your site and users for things like credit card details. An image, once loaded into a browser *could* be copied by anyone. Of course, there are copyrights and other legalities for things like that.. the important thing you need to ask is how important is that communication channel between your server and your users.. the points I make above help give some ideas on how to assess that.

All things equal, I would always say to use https on your site.. but I'd be less concerned about the mixed content warnings depending on your site content itself.

I hope that helps,
Alex
The topic has been locked.
Active Subscriptions:

None
7 years 9 months ago - 7 years 9 months ago #58680 by Inotachi
Hi Alex,

Many thanks for the comprehensive reply. I had to read it over but the nuances are beginning to make sense.
In Global Configuration>Server Settings, I have set to,Force SSL> Entire Site.

I notice that some pages such as cart the, No Mixed Secure green padlock appears.
On the blog page indeed the, Mixed content is not blocked: not secure grey padlock with yellow caution.

But I did nothing to set these. It appears automatic or I fluked something?

It would be nice to achieve the , Mixed content is blocked: secure if that's possible.
Reading as much as possible but I'm still not sure how or if it can be done.

Is there anything else I should be attending to?

Much appreciated,
Last edit: 7 years 9 months ago by Inotachi.
The topic has been locked.
Active Subscriptions:

None
7 years 9 months ago #58684 by Inotachi
Hi Alex,

Whew! It took a day of trying and testing but I've improved the site and developed a better working relationship with JFBC.

There appeared to be some quirky non responsive issues. Or my assumptions were incorrect. Anyhow I uninstalled JFBC in full and reinstalled a fresh JFBC v 7.0.2

Activated the JFBC plugins.

And ran Auto Tune which rendered all good.

I found that 'Social>Content Plugin-Like' appears on index page and deactivates the green lock.

I have deselected the buttons in 'Content Plugin-Like' and it stopped appearing on index page and green padlock has reappeared.

In preference I've activated JFB Social Share Extension on the preferred pages. It also changes the green padlock to Yellow Caution on the pages it is on.

Is there a way I can modify so it shows "Mixed content is blocked: secure," ie green padlock with grey caution? As per here: support.mozilla.org/en-US/kb/mixed-conte...utm_source=inproduct

Not sure how "Social>Content Plugin-Like" these differs from "JFB Social Share Extension" in purpose and function.
Are optional alternatives to each other?
Will they conflict if both are used?

Always value your feedback.

Regards,
The topic has been locked.
Support Specialist
7 years 9 months ago #58754 by alzander
I'm very sorry for the delayed response. Normally, the Content Plugin should not cause the mixed-content warnings, but it's possible we're missing something. The best way to narrow things down further is to:
* Enable the Content Plugin
* In the Social configuration area of JFBConnect, disable all the social buttons from displaying
* Check if the mixed-content warning is gone.. it should be
* Then, re-enable each social button one-by-one and test to see which is causing the actual error.

Knowing that will help us and may allow you to get going with most social buttons right now while we investigate whichever one is problematic.

I hope that helps and glad we could help explain some things and get you going further.

Thanks,
Alex
The topic has been locked.
Active Subscriptions:

None
7 years 9 months ago - 7 years 9 months ago #58755 by Inotachi
Hi Alex

Thanks again for the good information.

Went through process methodically and if I read it right this appears to be what's happening:
• The issue seems to be coming from JFBC Social Share Module.
When this is disabled padlock returns to green on all pages.

However System - JFBCSystem must also be disabled.

Which sort of defeats the purpose and the Social buttons then do not appear,

JFBC Social Share > Position > Floating works best for my site.

But creates this issue.

In Modules > JFBC Social Share I tried disabling JFBC Social Share and these individually with no result.

• Facebook Options
• LinkedIn Options
• Google Options
• Twitter Options

No changes I make in JFB Component, ( including Force Scheme as: https:// ) appear to affect this.

I'm not currently using Auto Login.

When I run Auto Tune it is shows all green ticks & OK.

Also: (this is a bit out of my depth but for what its worth)

I checked the buttons using Firefox Developer Tools and View Page Source and noticed Open Graph was being served using the http protocol at top page (<html prefix="og: ogp.me/ns# fb: ogp.me/ns/fb# get_the_best: ogp.me/ns/fb/get_the_best#" xmlns="www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir="ltr">(

• Facebook Options ---- not known
• LinkedIn Options ---- not known
• Google Options ---- appear to be serving up as "http" not "https"
• Twitter Options
appear to be serving up as "http" not "https"

Could it be that the browser is reading the http and therefore Firefox is interpreting hat these are not feeding in as https, but rather http. and therefore deems it to be insecure passive content.

This may be be the issue as per here: support.mozilla.org/en-US/kb/mixed-conte...utm_source=inproduct

and;

developer.mozilla.org/en-US/docs/Web/Sec...e_with_mixed_content
Where it states:
"How to fix your website
The best strategy to avoid mixed content blocking is to serve all the content as HTTPS instead of HTTP.
For your own domain, serve all content as HTTPS and fix your links.  Often, the HTTPS version of the content already exists and this just requires adding an "s" to links - http:// to https://.
For other domains, use the site's HTTPS version if available. If HTTPS is not available, you can try contacting the domain and asking them if they can make the content available via HTTPS."
In Component JFBC> Configuration> Advanced> I selected Force Scheme as: https:// believing this would do the job but it did not.

There appears no equivalent in the Module JFBC Social Share.

Hope I'm barking up the right tree and have given you information that is useful.

Regards,
Last edit: 7 years 9 months ago by Inotachi.
The topic has been locked.
Support Specialist
7 years 9 months ago #58785 by alzander

Could it be that the browser is reading the http and therefore Firefox is interpreting hat these are not feeding in as https, but rather http. and therefore deems it to be insecure passive content.

This is absolutely the problem. It's all about finding which content is being loaded from your site over pages, even if that's from another site completely.

Went through process methodically and if I read it right this appears to be what's happening:
• The issue seems to be coming from JFBC Social Share Module.
When this is disabled padlock returns to green on all pages.

However System - JFBCSystem must also be disabled.

Don't disable the System - JFBCSystem plugin. That disables all JFBConnect, so you're not really testing one small thing there but disabling everything. That does tell you that something within JFBC is causing the problem, but doesn't narrow it down at all. We'll need to go through setting by setting to figure it out.

Can you get a page setup that shows the grey padlock and post a URL for us to see? From there, we can investigate which content from JFBC may be causing the problem.

Thanks,
Alex
The topic has been locked.
Active Subscriptions:

None
7 years 9 months ago - 7 years 9 months ago #58786 by Inotachi
Hi Alex,

Thanks for reducing it to simplicity for me.

This is the front page now back to green after I removed JFBC Social Share Module from displaying there: bestbluemountains.com/geeup/

Here are some other pages with the grey padlock:

bestbluemountains.com/geeup/food-drink.html

bestbluemountains.com/geeup/food-drink/1...nese-restaurant.html

Thanks again,

Best Regards,
Last edit: 7 years 9 months ago by Inotachi.
The topic has been locked.
  1. Forum
  3. Discontinued Products
  5. JFBConnect v8.x Support (Joomla 3 Only) (CLOSED)
  7. Green Lock vs Yellow Caution/Page Not Sending to FB
From the Blog
Facebook | Twitter | LinkedIn | Blog RSS