What is JotForm?
JotForm is a free online form builder which helps you create online forms without writing a single line of code. No sign-up required.

At JotForm, we want to make sure that you’re getting the online form builder help that you need. Our friendly customer support team is available 24/7.

We believe that if one user has a question, there could be more users who may have the same question. This is why many of our support forum threads are public and available to be searched and viewed. If you’d like help immediately, feel free to search for a similar question, or submit your question or concern.


  • Profile Image

    SSL image/seal of Secure form embedded on an HTTPS website shows "insecure resource loaded".

    Asked by ptn0301 on March 11, 2015 at 11:45 AM

    Hi

    We recently made our website https. The form that is embedded is secure and stars with htpps . . The browser is saying there are issues? Please se below:

     

    "Your connection to www.skyemotion.co.uk is encrypted with modern cryptography. However, this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the look of the page."

    Also see image attached.

    The from needs to be secure??

    Thanks

     

     

    Page URL:
    https://www.skyemotion.co.uk/apply-now.html

    Screenshot
    scripts attached secure https resources
  • Profile Image
    JotForm Support

    Answered by Charlie on March 11, 2015 at 12:31 PM

    Hi,

    Could you try changing all the links in your form to https:// also could you try removing the <script> code that is included in the iFrame embed code, just leave the <iframe> code intact and remove the <script> code below it.

    See if that helps solve the problem.

    Kind regards.

  • Profile Image

    Answered by ptn0301 on March 12, 2015 at 06:33 AM

    Hi Charlie.

    Tried the suggestions however its still the same...? Please see attached images of details from where the form is embedded. Any thoughts??

    Thanks

     

  • Profile Image
    JotForm Support

    Answered by Charlie on March 12, 2015 at 10:10 AM

    Hi,

    Could you check if you can change the protocol for the Google fonts in your actual web page found in the apply-now.html?

    You'll see in the screenshot below that it shows the unsecure link is the Google font found in your website, specifically inside your <head></head> tag.

    You can try changing the link in your website from:

    <link target="_blank" href="http://fonts.googleapis.com/css?family=Montserrat:400,700|Open+Sans:400,300,700" rel="stylesheet" type="text/css">

    To:

    <link target="_blank" href="https://fonts.googleapis.com/css?family=Montserrat:400,700|Open+Sans:400,300,700" rel="stylesheet" type="text/css">

     

    But I do see that the SSL seal image is also loaded in a unsecure link.

     

    I'll escalate this to our back end team so that they can investigate this further.

    Thank you.

  • Profile Image

    Answered by ptn0301 on March 12, 2015 at 12:56 PM

    Hi Charlie

    I have changes the the code in the CSS from http to https as suggested, republished the site and still showing an issue.

    Maybe it is the image? Shall I remove until the issue is resolved your end?

    Thanks

  • Profile Image

    Answered by Ben on March 12, 2015 at 02:10 PM

    Please do note that you are loading images over HTTP on your own website as well:

    http://www.skyemotion.co.uk/uploads/2/5/4/1/25417616/1423587211.png

    It should be:

    https://www.skyemotion.co.uk/uploads/2/5/4/1/25417616/1423587211.png

    This is in the head element (and should be ignored by the better browsers), but if you are still getting the same issue after you set it all up as mentioned later in my response, please change these links as well):

    <meta content="http://www.skyemotion.co.uk/uploads/2/5/4/1/25417616/1423587211.png" property="og:image">
    <meta content="http://www.skyemotion.co.uk/uploads/2/5/4/1/25417616/1391600900.jpg" property="og:image">
    <meta content="http://www.skyemotion.co.uk/apply-now.html" property="og:url">

    It also seems that you are linking to http pages on your links (only one example):

    http://www.skyemotion.co.uk/apply-now.html

    Now this would not show you the warning in the page, but will redirect them to a non secure pages later.

    You are also showing that secure image in a non secure way - which our system should do for you and my colleague has already raised the thread about, but I would suggest changing this CSS code:

    .form-all:before {
        background-image: url("http://www.jotform.com/uploads/ptn0301/form_files/Screen%20Shot%202015-02-09%20at%2016.44.48.png");
        background-repeat: no-repeat;
        background-size: 110px 54px;
        content: "";
        display: inline-block;
        height: 54px;
        position: absolute;
        width: 100%;
    }

    into:

    .form-all:before {
        background-image: url("https://www.jotform.com/uploads/ptn0301/form_files/Screen%20Shot%202015-02-09%20at%2016.44.48.png");
        background-repeat: no-repeat;
        background-size: 110px 54px;
        content: "";
        display: inline-block;
        height: 54px;
        position: absolute;
        width: 100%;
    }

    Do let us know how it goes.

  • Profile Image
    JotForm Support Manager

    Answered by Jeanette on March 12, 2015 at 05:53 PM

    It seems like the workaround provided by Ben sorted out the issue with the unsecure image. You should also perform the change he suggested for the head element in your page.

    We await for your confirmation.

  • Profile Image

    Answered by ptn0301 on March 20, 2015 at 10:13 AM

    Hi 

    I placed the image on our page not in the form so thats why its loaded over https and not flagged a warning in the browser.

    Thanks for help almost there. I have sorted one issue, it was the google fonts loading over http not https.

     

    The form loads on our apply now page over https, however the submit button is on http. This is giving the warning in the browser about unsafe scripts. Please see pic attached.

    The browser stops it but we are trying to in still confidence in our users that the info is secure. How can we get the button to load over https??

    Thanks in advance..

     

  • Profile Image

    Answered by ptn0301 on March 20, 2015 at 10:44 AM

    Hi Guys.

    Ive answered my own question.

    I edited the custom css from http to https. We are cooking with gas!

    Thanks for help 

     

    Regards

  • Profile Image
    JotForm Support

    Answered by Charlie on March 20, 2015 at 12:14 PM

    Hi,

    It seems that you have already figured it out.

    If you needed any assistance again, please do not hesitate to open a new thread here in the forum.

    Kind regards.