Jump to:
| Project: | Share Buttons (AddToAny) by Lockerz |
| Version: | 7.x-3.1 |
| Component: | Miscellaneous |
| Category: | support request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | closed (works as designed) |
Issue Summary
I am developing a site (that isn't published yet) with the Drupal Platform. I installed the social networking module AddToAny (http://drupal.org/project/addtoany). The site I'm developing uses ssl. In Chrome (15.0.874.120 m), the use of the AddToAny widget (7.x-3.1) on a visited page causes the "high-risk insecure content" symbol in the display bar, and corrupts the session thereafter. (https://www.google.com/support/chrome/bin/answer.py?answer=95617&hl=en-US) In other words... in a fresh cache-cleared visit, if you visit AddToAny non-widget pages page prior to visiting a AddToAny widget page things are normal, but after you visit a page with the AddToAny widget it displays the "high-risk insecure content" symbol for the rest of the session until you close the browser and clear the cache - As if the widget corrupts the whole session with the "high-risk insecure content" symbol until you clear the cache. I've reported this to Chrome and am FYI'ing here.
Comments
#1
Your issue may be caused by developing with an invalid SSL certificate and/or mixed content (local and public).
Are you able to reproduce in a live environment?
Did you experience issues with other browsers, or is this a Chrome-specific issue?
#2
Thanks micropat;
It is on a live environment (server), just behind a .htaccess login until I can get it to a point to present publicly. I haven't had a chance to test on other browsers yet. I have just be working with Firefox and Chrome and the problem didn't seem to present itself with Firefox. My feeling is that it is a Chrome quirk or Chrome/AddToAny quirk. Something like this could cast a suspicion with users using the site with Chrome (it is a commerce site so that is important). The whole site is ssl and I guess, when the AddToAny is installed, Chrome senses some outside references and sends the red flag... but when you move off of the page to a page where AddToAny isn't used than the warning is still there - it doesn't clear it for the new page... it sticks through the whole session. This wasn't the case with Firefox which seemed to handle it normally, as would be expected. I did report it to Chrome. I'll revisit this when I put out some other problems.
I saw this posting which I'll make note of... maybe this is what Chrome is picking up on.
Removing and documenting 3rd party tracking pixel on AddToAny
http://drupal.org/node/851680
#3
I believe this issue is really a Chrome browser issue. I did manage to solve my particular problems with the below. The certificate is the same and results came out to be workable though not ideal.
I ended up downgrading from Drupal 7 to Drupal 6 for this project (for other reasons), and making the whole site HTTPS and forcing it there through .htaccess and settings.php. I understand this also protects against "man-in-the-middle" attacks and the hosting company/server doesn't seem to mind - although I don't know if this effects SEO. I set the whole site to force HTTPS because of some additional issues I had with secure pages module.
I haven't tried adding the Add-to-Any module yet. This module may have triggered the Chrome peculiarity. I may try it, but I am thinking about using another module because of this posting:
Removing and documenting 3rd party tracking pixel on AddToAny
http://drupal.org/node/851680
#4