SSL and unsafe script/content

[gabiatti]

I have a PS installation 1.5.4.1 and everything was working fine till last week.

 

www.lcsmotorparts.com

 

Trying some optimization to speed the shop, I changed some configuration and after that the store keeps an alert of unsafe script or unsafe content (Chrome/IE/Firefox; no problems in Safari or Opera).

 

Checking it by Chrome console or whynopadlock, all errors make reference to files from themes, modules and js folders that is loading under http, instead of https.

 

If you access a page that requires https, it becomes a mess, losing css and js configuration

 

I found a lot of posts related to that, but no one gave a real solution to the problem.

 

I don't want to configure all my store under https, only the pages that really needs SSL protocol, so basically changes in httpaccess is not an option.

 

I have a good idea of what I have to do, change $base_dir to $base_dir_ssl, but I don't know WHERE, which folder/file I have to edit.

 

 

Thanks in advance for helping

 

 

 

[gabiatti]

No one? I need to fix this issue ASAP.

[gabiatti]

I still have this problem for almost two months.  

 

When I access secured pages (login or cart) it shows that there's unsafe JS scripts (Chrome/Firefox and IE). Those scripts are coming from files in directories JS, THEMES and MODULES.

 

The problem is so simple, that I fell shamed couldn't solve it. I want that those folders could load by HTTPS, instead of HTPP. 

 

It's not absolute link as logo image or google fonts, that use http, so I just need to ad the letter "S". It's dynamic content, load from somewhere, and I don't know where. Maybe in header.tpl, but I'm not sure.

 

In header.tpl there's 

<link href="{$css_uri}" rel="stylesheet" type="text/css" media="{$media}", and

<script type="text/javascript" src="{$js_uri}"></script>

That I imagine that's the way to configure the sources that causing this error

 

ie.

<script src="http://www.lcsmotorparts.com/js/jquery/jquery-1.7.2.min.js" type="text/javascript">/* <![CDATA[ *//* ]]> */</script>

 

That script have to load under HTTPS, on secured pages.

 

 

All was working fine, untill I made some changes in friendly url and media servers configuration. All changes reverted. I continue using no friendly urls and no media servers at all.

 

http://lcsmotorparts.com

Prestashop vs 1.5.4.1