Google checkout is pulling in JS code on cart/checkout (why?)
It is also pulling it from http not https which throws security errors on some browsers.
I simply changed http to https in uc_google_checkout.module and it solved the second issue.
Comment | File | Size | Author |
---|---|---|---|
#5 | 1137970-google-checkout-analytics-ssl.patch | 953 bytes | longwave |
Comments
Comment #1
TR commented: It looks like that's a script for Google Analytics. I don't know why uc_google_checkout is doing a module_exists() to check for GA then loading GA JavaScript. It seems just wrong to entangle the modules like that. Anyway, it's loading it on cart/checkout because your GA visibility settings must designate cart/checkout as a page to add the GA code.
Aside from the weird architecture, the actual bug here is that the inline JavaScript added by the drupal_add_js() call in uc_google_checkout.module doesn't detect and set the protocol for downloading ga_post.js.
The same bug exists in Ubercart 7.x-3.x.
Comment #2
thill_ commented: Ahh my bad, I just assumed the google checkout module was adding JS for google checkout.
I don't see the harm in pulling this from https, maybe a bit slower?
FWIW I have google analytics set to store the code locally so it isn't pulling the code on the checkout pages. If this is the same JS and does need to be there it would be nice to check that variable and use the JS from the files dir instead.
Comment #3
longwave commented: This code is present in Google Checkout due to http://code.google.com/apis/checkout/developer/checkout_analytics_integr... - the example given works the same way, but presumably was never tested on https.
Comment #5
longwave commented: A little-known feature of the URI scheme is that you can omit the protocol entirely to mean "same as this page", so hopefully this patch will neatly solve this issue.
Comment #6
frank0051 commented: Omitting the protocol just makes the browser append the top-level domain of the site to the rest of the address. For instance, href="www.google.com/foo" linked on a page of foo.com would look like foo.com/www.google.com/foo to the user. That's been my experience.
Comment #7
longwave commented: But in this case the URL being linked to is "//checkout.google.com" not just "checkout.google.com".
Comment #8
frank0051 commented: Gotcha; never heard of that - let me play with it a little bit.
Comment #9
longwave commented: Seems to work in testing, and backed up by http://stackoverflow.com/questions/2181207/is-it-safe-to-use-schemeless-...
Committed #5 to both branches.
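The resolution behaviour discussed in comments #5 to #7, as an added example that is not part of the thread or of the committed patch: it resolves the three spellings of the ga_post.js reference the way a browser does and flags the one that becomes mixed content on an https page. The host `shop.example` and the function names are constructed for illustration.

```javascript
// Added example: resolve script references as a browser would (WHATWG URL)
// and flag active mixed content. shop.example is a constructed sample host.
const GA_POST_PATH = 'checkout.google.com/files/digital/ga_post.js';

// Resolve a script reference against the URL of the page that contains it.
function resolveRef(ref, pageUrl) {
  return new URL(ref, pageUrl).href;
}

// A script is mixed content when an https page fetches it over plain http.
function isMixedContent(ref, pageUrl) {
  const page = new URL(pageUrl);
  const target = new URL(ref, page);
  return page.protocol === 'https:' && target.protocol === 'http:';
}

// Audit every script reference found on one page.
function auditScripts(pageUrl, refs) {
  return refs.map((ref) => ({
    ref,
    resolved: resolveRef(ref, pageUrl),
    mixed: isMixedContent(ref, pageUrl),
  }));
}

const securePage = 'https://shop.example/cart/checkout';
const plainPage = 'http://shop.example/cart/checkout';
const refs = [
  'http://' + GA_POST_PATH, // hard-coded scheme (the reported bug)
  '//' + GA_POST_PATH,      // scheme-relative: inherits the page's scheme
  GA_POST_PATH,             // no slashes: treated as a relative path
];

for (const page of [securePage, plainPage]) {
  for (const row of auditScripts(page, refs)) {
    const verdict = row.mixed ? 'MIXED' : 'ok';
    console.log(`${page} | ${row.ref} -> ${row.resolved} [${verdict}]`);
  }
}
```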
Comment #10
fivestarstravel commented: Hi,
I've read this thread (and also http://drupal.org/node/1301008) and am still not quite sure what I need to do to resolve this.
My site (https://fivestarstravelclub.com) is displaying the insecure https symbol in chrome because of the Google Checkout js (http://checkout.google.com/files/digital/ga_post.js).
I'm using D6.22/UC6.x-2.7/GA6.x-3.3, which are all up to date. Did the patch in #5 get applied to the UC version I'm using, or do I need dev?
I'm not a developer, so I'd be thankful for any specific instructions/guidance you can provide!
Paul
Comment #11
frank0051 commented: If you look at the release dates of the newest ubercart packages, you'll notice this patch is too new to be included. So, you would need to download Dev to get it.