CODEWITHSUNDEEP
javascriptfacebooksecuritytwitter
Mark
Mark

Reputation: 9

Facebook like button is causing site to be insecure

I have built a storefront website with Volusion (which has been frustrating) and they only allow control over the files that they want you to control. This makes it a bit tricky to find work-arounds for customizing the site as well as getting SEO just where you want it. I have implemented Facebook like/share and Twitter buttons on the website. In order to keep the placement of the buttons consistent along all pages (that I want it on) was to place it in the template page; otherwise I would have to place it on every page (and there's a lot of them).

The problem I have is that due to the buttons being placed in the template file, the pages that need to be secure (checkout, account, etc.) have been compromised and are no longer secure. I have searched for ways to disable the javascript of the buttons so that it doesn't run and therefore making it secure again, but I have come up short. I could have been searching with the wrong keywords or even the wrong idea.

Any help to disable the Facebook and Twitter buttons on certain pages or even another work-around would be greatly appreciated.

Thank you!

Upvotes: 0

Views: 374

Answers (3)

spadelives
spadelives

Reputation: 1628

Please post your rendered code if the following doesn't answer your question. But generally, it is most likely cause of your problem is that the links to the buttom images that are hard coded to "http://.../your_image.gif". This causes the warning that the page is insecure since the http link is unencrypted.

In order to fix this, you either need to hard code the correct url scheme into the image source or dynamically determine the url scheme that is used at runtime (http or https) and use this scheme in your image URL.

For example, if your page is under HTTPS, then the image source must be "https://.../your_image.gif" and this would not generate any warnings since the entire page is secure. If you use the http prefix instead of https, you will get warnings.

Upvotes: 0

hereandnow78
hereandnow78

Reputation: 14434

you want to check in javascript if you are on a secure page (ssl)?

document.location.protocol === 'https:'

the other way around you could just run your script if you are on non-ssl:

if(document.location.protocol === 'http:') {
  // run your script
}

edit: if you use this snippet (from the facebook website) there should be no ssl-warning, just because you dont use a protocol (//connect.facebook...) 

 <div id="fb-root"></div>
 <script>(function(d, s, id) {
  var js, fjs = d.getElementsByTagName(s)[0];
  if (d.getElementById(id)) return;
  js = d.createElement(s); js.id = id;
  js.src = "//connect.facebook.net/de_DE/all.js#xfbml=1&appId=106146976149656";
  fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk'));
</script>

if you do it not that way, please paste how you render your fb-button

Upvotes: 1

TwisterMc
TwisterMc

Reputation: 155

The default Like button code should work on secure or insecure pages regardless. This is done by starting the JS that Facebook includes with // and not http://.

What does your code look like?

Upvotes: 0

Related Questions