Why are my pages not secure? (Un)locking the mystery.

Salsa automatically generates a secure URL for pages involving monetary transactions - donations, paid events, storefronts, etc. However, just because those pages' URLs begin with "https://" doesn't mean they are secure - if you are loading nonsecure files or images anywhere on the "secure" page, the whole page will become nonsecure. This manifests through a "broken" lock symbol in Firefox, and through pop-ups or other warnings in IE. You don't want potential donors or supporters scared away because they think their transactions won't be secure - so what can you do?

1.  Find out which template your nonsecure-soon-to-be-secure page is using.  You can do this by looking at  the number after the /t/ in the page's URL - this is the template key - or checking  which template is highlighted on Step 1 of your page creation workflow.  If no template is highlighted or there is no /t/ in your URL, you're using your site's default template. To see a list of your templates, go to dashboard -> manage templates.

2. Open up the offending template (edit) and search for "http://" in the template code. This will help you find all nonsecure files and images your template is loading. Any one of these will cause your entire template (and any page loading that template) to not be secure. You can ignore anything that begins with <a href="http://..." - these are just links to external sites and won't affect your page's or template's security.

3.  Download all these nonsecure files and images onto your local machine, and upload them to your secure Salsa images directory (website features -> photos/images -> list/upload images).  Click on the newly uploaded files and images to get their new, secure Salsa URL, and replace the old "http://..." URLs in your template code with the new, secure Salsa URLs.

4.  If there aren't any further nonsecure files or images being loaded through your template, your donation/paid event/storefront page should now be secure, and ready to go!  If there are, repeat until you've got them all.

Things to Note

1. Offending files are not just images (.jpg, .gif, .png), but also JavaScript, stylesheets, or other external files (.js, .css, etc.). Don't just search for one kind of file - search for ALL http:// URLs for potential malefactors.

2. If you are sure that your template is secure but the page calling it still isn't, view the source of the nonsecure page and do a search for "http://". It's possible that the content of the page itself is loading a nonsecure file or image. If it is, follow the steps above to upload it to a secure location and replace the nonsecure URL.

3. You might occasionally get complaints from IE users that even secure pages are triggering certain security warnings in IE.  The most common of these warnings can be avoided by making sure your secure pages also redirect to secure pages upon submission.  If you don't have an appropriate secure thank you page handy, you can take care of this by not specifying an external redirect path and just letting your page redirect to the default secure thank you page Salsa provides.
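
The search described in step 2 and in notes 1 and 2 can be automated. The Python below is an added example, not Salsa's code: it parses template or page source and reports every http:// file the browser would load (images, scripts, stylesheets, CSS url(...) references) with its line number, while skipping <a href> links. The function name, the tag list and the sample template are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
# Tag -> attribute that makes the browser fetch a file into the page.
# <a href> is deliberately absent: it only links to another site.
LOADERS = {"img": "src", "script": "src", "link": "href", "iframe": "src", "embed": "src",
           "object": "data", "input": "src", "source": "src", "body": "background"}
CSS_URL = re.compile(r"""url\(\s*['"]?(http://[^'")\s]+)""", re.I)  # CSS url(...)

class InsecureLoadFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, where, url)
        self._in_style = False

    def _scan_css(self, css, line, where):
        for m in CSS_URL.finditer(css):
            self.findings.append((line + css.count("\n", 0, m.start()), where, m.group(1)))

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        self._in_style = tag == "style"
        for name, value in attrs:
            value = (value or "").strip()
            if LOADERS.get(tag) == name and value.lower().startswith("http://"):
                self.findings.append((line, f"<{tag} {name}>", value))
            elif name == "style":  # inline CSS on any element
                self._scan_css(value, line, f"<{tag} style>")

    def handle_endtag(self, tag):
        self._in_style = False

    def handle_data(self, data):
        if self._in_style:  # text inside a <style> block
            self._scan_css(data, self.getpos()[0], "<style> block")

def find_insecure_loads(html):
    finder = InsecureLoadFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample template (not a real Salsa template).
SAMPLE = """<head><link rel="stylesheet" href="http://example.org/site.css">
<style>body { background: url(http://example.org/bg.gif); }</style></head>
<a href="http://example.org/about">About us</a>
<img src="HTTP://example.org/logo.png"> <script src="https://example.org/ok.js"></script>
<div style="background-image:url('http://example.org/banner.jpg')"></div>"""
for line, where, url in find_insecure_loads(SAMPLE):
    print(f"line {line}: {where} loads {url}")
```

Every <link href> is reported regardless of its rel value, so a non-stylesheet link may show up and can be dismissed by hand.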