Thread

How do I get Safecracker assets (scripts, images, etc) to load securely on a page that is https? Any help appreciated. EE 2.1.3.

vicvega1972,

What scripts and images in particular are you referring to.

What I have done in the past if say linking to the CDN of jQuery of similar is link to the https version regardless if on the secure page or not. That covers that. Any images then I make their paths relative.

SafeCracker comes with 2 parameters called secure_action= and secure_return= which will ensure https as its action and its return

Does that help?

Thank you for the reply.

When I include safecracker_head=“yes” (or not include at all for default), it loads this script non-securely:

<a href="http://mydomain.com?ACT=79&ui=core,widget,mouse,position,draggable,resizable,button,dialog&plugin=scrollable,scrollable.navigator,ee_filebrowser,markitup,thickbox&v=1305227695&include_jquery=y">http://mydomain.com?ACT=79&ui=core,widget,mouse,position,draggable,resizable,button,dialog&plugin=scrollable,scrollable.navigator,ee_filebrowser,markitup,thickbox&v=1305227695&include_jquery=y</a>.

I have secure_action= and secure_return= set to yes and the page is https.

In addition, I have a page which displays a safecracker file, which happens to be an image. That image loads non-securely.

John

Hi John,

How are you forcing SSL on the server side? You may need to do the same for the SafeCracker elements for the moment.

Hi John,

How are you forcing SSL on the server side? You may need to do the same for the SafeCracker elements for the moment.

Brandon - in .htaccess I have set a certain directory to force ssl. What would be the strategy/directory to reference for safecracker elements?

I did notice this add-on that might help:

http://devot-ee.com/add-ons/https-support/

See if that helps you out. Untested on my end.