Product reviews break https

[keat]

I've had a product review recently, and noticed that when it's published it breaks the site security.

I initially assumed it was becuase the customer put a link to his site, but even after removing his link, I lose HTTPS for that product.

 

V6.10 using the Mican Skin

[bsmither]

This skin, and others, use a service provided by Gravatar, a place that the public can make available an image to represent oneself. Whether that be an actual headshot, cartoon image, or whatever.

The URL to the Gravatar service is fixed at http: which will cause browsers to complain about mixed security on pages served from https: sites.

In the template file content.product.php, find near line 163:

<a href="http://gravatar.com/emails/"><img src="http://www.gravatar.com/avatar/{$review.gravatar}?s=50&amp;r=g" /></a>{$review.review}

Change to:

<a href="//gravatar.com/emails/"><img src="//www.gravatar.com/avatar/{$review.gravatar}?s=50&amp;r=g" /></a>{$review.review}

By removing the protocol, we delegate to the browser the responsibility to decide which protocol to use to fetch the resource from the Gravatar service. The browser will use the same protocol that was used to fetch the product page - thus no more mixed security on that page.

[keat]

Thanks Brian.

 

I did try the code change but it didn't work, the https was still broken.

However, I did change the line:

<a href="http://gravatar.com/emails/"><img src="http://www.gravatar.com/avatar/{$review.gravatar}?s=50&amp;r=g" /></a>{$review.review}

  to state https://, and this seems to have fixed it.

[bsmither]

Interesting. I wonder if your browser was fixated on using what it already had when it fetched the resource from before.