Fix insecure content warning due to template modification

Owned by Jonathan Tew
Last updated: Aug 05, 2015Version comment
3 min read

If you've modified your templates to add something like a trust logo then you may have accidentally broken the HTTPS lock in the browser.  Each browser displays this error condition differently.  Chrome for example shows it like this:

The first step to fixing your templates is navigating to your StoreFront and clicking the templates tab as shown below.

In the search field enter src="http:// and then click the search icon to the right as shown below.

Any file that has this string in it will appear below.  In this example we can see there are a couple of templates that could contain the bad code.  Click on the individual template filename to bring it up.   Now hit CTRL+F to bring up the search and type src="http:// and hit ENTER as shown below.

You'll see that this search found the bad code highlighted below.

Bad HTML Code
## 365D Seal and Customer Testimonial
<center><img longdesc="365-Day Guarantee Seal" title="365-Day Guarantee Seal"
                alt=""
                src="http://jazzmusicheaven.com.s3.amazonaws.com/images/guarantee_seal-365-days-gold-blue-112x104-clean.png"></center>
<center>

To fix this particular example we are going to remove the http:// from the link and then adjust the URL to use the format that will work with Amazon S3 for both HTTP and HTTPS.  That gives us the following good code.

Good HTML Code
## 365D Seal and Customer Testimonial
<center><img longdesc="365-Day Guarantee Seal" title="365-Day Guarantee Seal"
                alt=""
                src="//s3.amazonaws.com/jazzmusicheaven.com/images/guarantee_seal-365-days-gold-blue-112x104-clean.png"></center>
<center>

Whenever possible use // instead of https:// or http:// at the beginning of the URL. Browsers will automatically use the same protocol as the page which will prevent loading content insecurely if the page is running over HTTPS and at the same time not burden the web server if the page is running over HTTP.

To see if there are additional instances in the page of the src="http:// snippet hit CTRL+G.  When you are through fixing all the URLs that will break the page save the template.  Repeat this process for other templates that you may have modified.  

Ignore snippets that you have not modified such as snippets/comodo.vm. These snippets will have the string you're searching for, but they are properly coded by the theme developer for their purpose.

Now refresh your page in the checkout and the HTTPS lock should be happy.