- ptn0301Asked on March 11, 2015 at 11:45 AM
We recently made our website https. The form that is embedded is secure and stars with htpps . . The browser is saying there are issues? Please se below:
"Your connection to www.skyemotion.co.uk is encrypted with modern cryptography. However, this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the look of the page."
Also see image attached.
The from needs to be secure??
- CharlieAnswered on March 11, 2015 at 12:31 PM
Could you try changing all the links in your form to https:// also could you try removing the <script> code that is included in the iFrame embed code, just leave the <iframe> code intact and remove the <script> code below it.
See if that helps solve the problem.
- ptn0301Answered on March 12, 2015 at 06:33 AM
Tried the suggestions however its still the same...? Please see attached images of details from where the form is embedded. Any thoughts??
- CharlieAnswered on March 12, 2015 at 10:10 AM
Could you check if you can change the protocol for the Google fonts in your actual web page found in the apply-now.html?
You'll see in the screenshot below that it shows the unsecure link is the Google font found in your website, specifically inside your <head></head> tag.
You can try changing the link in your website from:
<link target="_blank" href="http://fonts.googleapis.com/css?family=Montserrat:400,700|Open+Sans:400,300,700" rel="stylesheet" type="text/css">
<link target="_blank" href="https://fonts.googleapis.com/css?family=Montserrat:400,700|Open+Sans:400,300,700" rel="stylesheet" type="text/css">
But I do see that the SSL seal image is also loaded in a unsecure link.
I'll escalate this to our back end team so that they can investigate this further.
- ptn0301Answered on March 12, 2015 at 12:56 PM
I have changes the the code in the CSS from http to https as suggested, republished the site and still showing an issue.
Maybe it is the image? Shall I remove until the issue is resolved your end?
- BenAnswered on March 12, 2015 at 02:10 PM
Please do note that you are loading images over HTTP on your own website as well:
It should be:
This is in the head element (and should be ignored by the better browsers), but if you are still getting the same issue after you set it all up as mentioned later in my response, please change these links as well):
<meta content="http://www.skyemotion.co.uk/uploads/2/5/4/1/25417616/1423587211.png" property="og:image">
<meta content="http://www.skyemotion.co.uk/uploads/2/5/4/1/25417616/1391600900.jpg" property="og:image">
<meta content="http://www.skyemotion.co.uk/apply-now.html" property="og:url">
It also seems that you are linking to http pages on your links (only one example):
Now this would not show you the warning in the page, but will redirect them to a non secure pages later.
You are also showing that secure image in a non secure way - which our system should do for you and my colleague has already raised the thread about, but I would suggest changing this CSS code:
background-size: 110px 54px;
background-size: 110px 54px;
Do let us know how it goes.
- JotForm Support ManagerJeanetteAnswered on March 12, 2015 at 05:53 PM
It seems like the workaround provided by Ben sorted out the issue with the unsecure image. You should also perform the change he suggested for the head element in your page.
We await for your confirmation.
- ptn0301Answered on March 20, 2015 at 10:13 AM
I placed the image on our page not in the form so thats why its loaded over https and not flagged a warning in the browser.
Thanks for help almost there. I have sorted one issue, it was the google fonts loading over http not https.
The form loads on our apply now page over https, however the submit button is on http. This is giving the warning in the browser about unsafe scripts. Please see pic attached.
The browser stops it but we are trying to in still confidence in our users that the info is secure. How can we get the button to load over https??
Thanks in advance..
- ptn0301Answered on March 20, 2015 at 10:44 AM
Ive answered my own question.
I edited the custom css from http to https. We are cooking with gas!
Thanks for help
- CharlieAnswered on March 20, 2015 at 12:14 PM
It seems that you have already figured it out.
If you needed any assistance again, please do not hesitate to open a new thread here in the forum.