Okay, so in our shopping cart system which uses asp.net, we run accross the silly little pop-up from IE that tells us that some things on the page aren’t secure. Rather than explaining to every single customer (about 13,000 visitors per day, I’d hate to be the one answering the phone) how to set their security preferences in IE to display mixed content, I wanted to devise a way to switch back to the non-secure area of the site, when not visiting pages that require security. We are using Able Commerce, but I am sure this could pertain to any number of systems, although some of the coding would no doubt change.
Okay so the left navigation menu, calls the links to the rest of the cart system from the database, it calls them by using:
response.write(objLNMenu.getHTML())
objLNMenu = nothing
So what I did was this:
‘response.write(objLNMenu.getHTML())
dim strLinkHTML as String
strLinkHTML = objLNMenu.getHTML()
strLinkHTML = Replace(strLinkHTML, “/shop/”, objStore.StoreURL)
response.write(strLinkHTML)
objLNMenu = nothing
Which basically took the regular value of objLNMenu.getHTML() which would be: /shop/productpage.aspx for example and then used that value and replaced the /shop/ with the objStore.StoreURL, which is: http://www.yourdomian.com/shop/. Thus ending up with an absolute link of: http://www.yourdomain.com/shop/productpage.aspx. Which in turn being an absolute link, takes the user from the secure side (HTTPS://) into the non-secure (HTTP://).
That way if you do have a few images, or iframes or whatever that are called with an absolute link from your domain, or another domain, the user will never get the annoying pop-up message, and you will never get the ever annoying e-mail or phone call saying that your site is not secure, when in fact it is.
Subscribe to RSS
