I am running a website with standard Garland theme. I have installed Securepages and made just two pages secure, related to payment processing. But now the blue header on any of the pages except the front is not displayed to unauthorised users. You can see what I mean here: http://www.intnews.com/tcl2010/ (front page) shows image, click on any link like http://www.intnews.com/tcl2010/index.php?q=announcement and image doesn't display. Login and it is all OK, even though login is not via or to secure pages.

This is related to secure pages as it disappears when I uninstall. I have reinstalled theme and module a number of times but behaviour is consistent. Anyone got any ideas what is happening and how I can change it?

Thanks

Comments

guykit’s picture

OK, I changed the theme to another default theme and then changed back and it seems to be working fine now.

bsenftner’s picture

Priority: Normal » Major

I have this same issue, activating securepages.module makes my theme images disppear, and trying your fix above (switching to another theme and then back) did not fix the problem.

It is also rather inconsistent... somewhere between 50-75% of the time I get no images, and sometimes I get some but not all images.

I am seeing the "mixed security" icon of a padlock with an "!" in IE and the broken padlock in FF.

In Firebug, I can see the image tags with their correct https paths, and hovering my mouse over their paths display the image I'm expected, even though it is not appearing on the page.

In FireFox's dialog/window that pops when clicking on the broken padlock, it's "Media" sub-page shows all images referenced with https (don't know where the mixed reference is coming from), but more interesting is that the images that are not appearing on the page are reported to have dimensions of "0px x 0px" !

In my efforts to resolve this, I added the following to the very top of the securepages.module file:

/* Blake modification, from #10 on this page: http://drupal.org/node/863562 */
// Change base_url to HTTPS ($base_url may be explicitly set by settings.php)
if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
  global $base_url;
  $base_url = str_replace('http://', 'https://', $base_url);
}

And for the record, I am not using any base_url setting in my settings.php file.

Help! I'm trying to open an online store, and this is a major blockage! (please?)

mo6’s picture

Status: Active » Closed (won't fix)

The "Blake modification" should IMO be part of the site settings.php and not appear in the module code.

The issue is a site configuration issue, not a module issue, so marking as closed.

jdieter’s picture

Title: Secure pages interfering with theme images » Secure pages interfering with images
Status: Closed (won't fix) » Needs review

All the background images have urls like : https://.....
but the main landing page is not https like http://www....
In I.E. 9 and Chrome, none of the background images show UNTIL the user vists an https: url
Our cert does not match our url right now.
Are there instructions somewhere on how to configure secure pages so the CSS background images are always http:// and never https?

jdieter’s picture

Version: 6.x-1.8 » 7.x-1.x-dev

On pages that are NOT https, the css images ARE https, and do NOT display in I.E.9 or Chrome.
Can secure pages be configured NOT to screw up the css images urls?

KuroNeko’s picture

I have the same issue, if anyone found a solution for this I would love to hear about it. missing images and broken padlock or warning sign depending on the browser.

KuroNeko’s picture

Here's what I've noticed...I'm running D7 with version 7.x-1.x-dev of the Secure pages module.

If I check "Switch back to http pages when there are no matches" the images load but the padlock is broken because of exceptions on the page.

If I uncheck "Switch back to http pages when there are no matches" the get the padlock and broken image paths.

I have applied the patches required in set up.

KuroNeko’s picture

I still can't figure this out. I'm using mixed http and https modes, which I think is the point of the module... So I have "Switch back to http pages when there are no matches" checked.

Using FireBug I can see that my images are being loaded with the https path, but I see they are also being loaded with the http path which I'm assuming is why the padlock is not displaying.

I also have the admin role set to always use https, when logged in as admin all of my images get the https path and are breaking. Every once in a while a cached image will appear but a page refresh breaks it again.

I've tried several flavors of if statements for the base_url in settings.php with no luck.

As I said in my previous comment, if I uncheck "Switch back to http pages when there are no matches" , I get the padlock but images are broken every where.

KuroNeko’s picture

SOLVED !!!!!

I had hot link protection on in the cPanel of my hosting account. I added the https path to my domain to the allowed urls for hot linking, flushed caches and it fixed this problem. I imagine turning hot linking off would also resolve this issue.

It looks like this in my htaccess file, although I only made changes in the cPanel for my hosting account.

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://example.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://example.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.example.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.example.com$ [NC]
RewriteCond %{HTTP_REFERER} !^https://example.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^https://example.com$ [NC]
RewriteCond %{HTTP_REFERER} !^https://www.example.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^https://www.example.com$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|mp3||wav|aif|aiff|pdf)$ - [F,NC]

Hopefully this will save someone else sometime. Not an issue with the module but maybe useful documentation for installing and configuring.