Support

Home Forums Event Espresso Premium EE's Jquery Generating SSL Errors in IE — Need a Fix Please :)

EE's Jquery Generating SSL Errors in IE — Need a Fix Please :)

Posted: May 27, 2013 at 9:31 pm

Viewing 8 reply threads


Chris

May 27, 2013 at 9:31 pm

Hi there,

We are using the latest WP 3.5.1 and 3.1.32.2.P of EE, along with the Multi-Event Registration Add-on.  Brand new installation.

We have followed your SSL instructions:

https://eventespresso.com/wiki/espresso-sslhttps/

We have tried BOTH of the plugins you mentioned there and get the same error with either of them. In IE it asks if we want to display the content with security certificate errors. Having tested this page:

https://allsaintsyouthministry.org/theatre/?page_id=8

We’ve narrowed down there is a call being made to code.jquery.com — and it loads insecurely, but the first plugin you mentioned on your help page will add the https:// to it, but jquery.com doesn’t allow you to load via SSL apparently, so it still generates IE errors.

We then got a plugin that forces the use of Google-hosted jquery libraries (which DOES offer https)…but it can’t change the EE call apparently.

I just searched through EVERY file on our site and the only place the code.jquery.com is appearing is in espresso.php — which appears to be generating the SSL insecure call problems.

What do we need to do to this file (or settings) to edit/change to get it to call jquery totally securely and eliminate the security certificate call error messages happening in IE?

Thanks,

Chris 🙂


Jonathan Wilson

May 27, 2013 at 9:36 pm

Hi Chris,

What version of IE are you testing this on? We only guarantee compatibility on the latest 2 versions. This would be IE 9 and 10.

 


Chris

May 27, 2013 at 9:49 pm

Hi Jonathan,

Using the very latest – IE 10.

Running this page:

https://allsaintsyouthministry.org/theatre/?page_id=8

Through http://www.whynopadlock.com also confirms there’s an error with the EE .php file I referenced above and it’s call to code.jquery.com/jquery-migrate-1.1.1.min.js?ver=3.5.1

By default the http generates insecure errors (if we’re using an SSL page and the plugins your own site recommended) and the https://code.jquery.com/jquery-migrate-1.1.1.min.js?ver=3.5.1 version is not a valid secure call — jquery.com doesn’t have SSL set up properly to handle that, which you can confirm by going to https://code.jquery.com/jquery-migrate-1.1.1.min.js?ver=3.5.1 directly in Chrome or Firefox or IE.

We need to get this fixed with the EE code so it’s not generating errors in IE — especially since a lot of our audience still uses that.

Thanks,

Chris


Dean

May 28, 2013 at 1:03 am

Hi Chris,

 

Thanks for letting us know about this, I have raised a developer ticket to look into why we are only pulling the HTTP version of the script.


Dean

May 28, 2013 at 1:19 am

Hi,

We have a fix for this if you would like to try it out. It does require editing a file though.

The espresso.php file in the core plugin directory has a line of code in it about line 742 that reads

wp_enqueue_script('jquery-migrate', 'http://code.jquery.com/jquery-migrate-1.1.1.min.js', array('jquery'));

This needs to be changed to

wp_enqueue_script('jquery-migrate', is_ssl() ? 'http://':'https://'.'code.jquery.com/jquery-migrate-1.1.1.min.js', array('jquery'));


Chris

May 28, 2013 at 8:42 am

Hi Dean,

Two issues here:

1) The fix above apparently doesn’t work and actually causes more problems. It’s now loading the code onto the page as:

<script type='text/javascript' src='http://?ver=3.5.1'></script>

I put the code in exactly as you instructed, in a code editor.

2) More importantly, even if this fix worked, this fix doesn’t address what I posted in my last post, May 27, 2013 at 9:49 pm. JQuery’s site doesn’t have a correctly set up SSL, so even if it’s being called by https (which it wasn’t designed to do), it still generates errors in IE, and is considered an insecure call by SSL/HTTPS validators (like the one I posted above). We DID in fact get it calling https before…but then it generates different security errors in IE, which is still a widely used browser.

Can that code by called from Google instead? Or is the only fix to download the jquery-min and host it on our own site?? I’m surprised I didn’t find more mentions of this in the support forums…

Thanks,
Chris


Josh

  • Support Staff

May 28, 2013 at 9:07 am

Hi Chris,

The jQuery migrate plugin does not load from jQuery.com’s CDN as https. So in this case, you could probably try it without the migrate plugin. I think it’s only there in cases where jQuery is being loaded as a newer version (1.9) than what WP currently ships with (1.8.3).

So you can deregister the script by adding this code to your WP theme’s functions.php file:

// Deregisters jquery migrate plugin IMPORTANT: remove this when updating to WP 3.6
add_action( 'wp_print_scripts', 'my_deregister_migrate', 100 );

function my_deregister_migrate() {
	wp_deregister_script( 'jquery-migrate' );
}

-or- comment out the line in espresso.php that registers the migrate plugin.


Chris

May 28, 2013 at 9:44 am

Hi Josh,

Thank you. What if we downloaded the jquery migrate plugin you’re calling, and host it on our Amazon S3 acct, and then change the call to Amazon’s https:// ? (Which does properly support S3, as does their Cloudfront)

Chris


Josh

  • Support Staff

May 28, 2013 at 10:21 am

Hi Chris,

You could, but you’d likely need to revert all these changes when you update to WordPress 3.6. In this case you don’t really need the jQuery migrate plugin because your site is loading version 1.8.3 of the jQuery library.

Viewing 8 reply threads

The support post ‘EE's Jquery Generating SSL Errors in IE — Need a Fix Please :)’ is closed to new replies.

Have a question about this support post? Create a new support post in our support forums and include a link to this existing support post so we can help you.

Event Espresso