Skip to Content Skip to Menu

SSL errors with captcha and uddeim on front end

  • activha
  • activha
  • OFFLINE
  • Posts: 2334
  • Thanks: 117
  • Karma: 13
10 years 5 months ago #245774 by activha
Hello

Using uddeim 3.4 , joomla 3.3, CB 1.9.1 we have security errors when trying to send a public message from the front end

Error is 2
[blocked] The page at ' ourwebsite.com/component/uddeim/?task=new&recip=87&nouserlist=7 ' was loaded over HTTPS, but ran insecure content from ' www.google.com/recaptcha/api/challenge?k=xxxxxxxxxx ': this content should also be loaded over HTTPS.

How can we solve this ?

Thanks

Please Log in or Create an account to join the conversation.

  • slabbi
  • slabbi
  • OFFLINE
  • Posts: 3709
  • Thanks: 250
  • Karma: 153
10 years 5 months ago - 10 years 5 months ago #245784 by slabbi
The recaptcha lib "recaptchalib.php" loads content from the Google servers using http only.

Search includes.php for
echo recaptcha_get_html($config->recaptchapub);

and replace this with
echo recaptcha_get_html($config->recaptchapub,null,true);

and do the same for pfrontend.php.

This enforces ssl encryption and hopefully fixes your problem.

uddeIM & uddePF Development
CB Language Workgroup
CB 3rd Party Developer
Last edit: 10 years 5 months ago by slabbi.

Please Log in or Create an account to join the conversation.

  • activha
  • activha
  • OFFLINE
  • Posts: 2334
  • Thanks: 117
  • Karma: 13
10 years 5 months ago #245793 by activha
Nope this did not work to enforce ssl connection on task=new when trying to send a public message to a user.

Cache emptied from both server and browser and same error

Could you make all links and calls ssl when https is used ?

Please Log in or Create an account to join the conversation.

  • slabbi
  • slabbi
  • OFFLINE
  • Posts: 3709
  • Thanks: 250
  • Karma: 153
10 years 5 months ago #245795 by slabbi
The problem is not uddeIM but the recaptcha library. The problem is that the recaptcha library displays a picture from the Google servers using http but your server displays all content using https. So the error is that unsecure content is displayed on a page that used https.

As the message says, the content from the Google servers should be loaded using https. According to the function call in the recaptcha library the additional parameter "true" should enforce https transfers. If not there might be a bug in the recaptcha lib. I am sorry but when my fix does not work there is nothing more I can do.

uddeIM & uddePF Development
CB Language Workgroup
CB 3rd Party Developer

Please Log in or Create an account to join the conversation.

  • activha
  • activha
  • OFFLINE
  • Posts: 2334
  • Thanks: 117
  • Karma: 13
10 years 5 months ago #245796 by activha
Well we also use recaptcha lib in ccomment for instance and it works fine on ssl connections.

Can we use another library ?
If we unselect recaptcha will we go to another one by default ?

Please Log in or Create an account to join the conversation.

  • slabbi
  • slabbi
  • OFFLINE
  • Posts: 3709
  • Thanks: 250
  • Karma: 153
10 years 5 months ago #245797 by slabbi
Can you try the "internal" captcha service?

uddeIM & uddePF Development
CB Language Workgroup
CB 3rd Party Developer

Please Log in or Create an account to join the conversation.

Moderators: beatnantslabbikrileon
Powered by Kunena Forum