I run an SSL-enabled site (https://www.eviscerati.org) and ever since the last update my visitors have reported that on pages where service links are enabled, they get browser warnings that the sit may be unsecure. It took some searching before I could determine it was actually a Service Links problem, but I believe the problem has to do with the graphics used for both the links and the widgets. Some are being pulled from other sites, and they don't use "https" when doing that pulling. Linking to a remote image without using https will cause every browser out there to report that a certificate-enabled site might have been compromised.

I've been using Service Links for a while, and I didn't start getting these reports until very recently, so it appears this was introduced in the update on the 10th. When I'm pretty sure it's a problem with the module because when I disabled it the warnings went away.

Files: 
CommentFileSizeAuthor
#3 service_links-2020881.patch564 bytesTheCrow

Comments

in general static links use the standard functions to render images so the address should turn automatically to https:// when needed

maybe the problem is with some widget which load its javascript asyncronous, if you enable them again i would give a look...

I re-enabled the module, if you want to take a look.

Currently on the main page Service Links doesn't display, and you can see the browser will show it's secure:

https://www.eviscerati.org

If you go to my comics page, you'll see that it's not secure:

https://www.eviscerati.org/comics

Hopefully this helps you some. Let me know if there's anything else I can do.

StatusFileSize
new564 bytes

Try this patch and clean the cache (also browser cache)

Status:Active» Fixed

That did it! Changed the status of this bug report to fixed. Thanks so much!

Version:7.x-2.2» 7.x-2.x-dev

You're welcome, committed it for both branches!

Status:Fixed» Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

Issue summary:View changes

Marked #2189805: Twitter widget blocked as a duplicate of this issue