Google Chrome and SSL in osCommerce

I only use Google Chrome these day for browsing. But when I am creating a design I also test in Internet Explorer and Firefox.

I had an issue the other day when I set up a design I made on localhost to the live server. All went well, until I had to set up the osCommerce site to use SSL – we all know how easy this is…a change in the configure file and all is done.

Then I tested it in Chrome. The browser was telling me there was unsecured content within the page! Well, after a good 30 minutes of checking through my code, I can’t find anything that is insecure!

I then checked the site in both Internet Explorer and Firefox – guess what – padlock SSL is working just fine with no insecure warnings! Try Google Chrome again, and it is still giving me warnings.

I then Googled and found some bug reports for Chrome, one of which is the SSL problem. It seems as though Chrome issues an insecure report when ANY link within a https page is linked to a http page! So this in a https page;

<a href=”http://www.google.com”>google</a>

will make Chrome choke and give an insecure warning – simply because the link is to a http page rather than a https page. This is a bug that needs sorting out, please Google.

Anyway, just wanted to post this to save anyone else from wasting time hunting for a fix when they see Chrome is giving a warning when other browsers are not.

12 Replies to “Google Chrome and SSL in osCommerce”

  1. Just installed Chrome. Don’t like it, yet. Really bummed discovering the dilemma above. Thank you for the information! Wonder how many customers with Chrome have left the site because of this?

  2. Hi Gary

    I never knew about this bug, thanks for pointing it out. I tried today, and all I can say is I find it surprising, to put it mildly, that over a year after your initial post this issue still hasn’t been fixed.
    Like Erik, I cannot help but wonder how many customers left the site because of it, given that in my case 25% of my visitors use Chrome. 🙁

  3. Hi Erik, Hi Isa

    I’m pretty sure this bug has been fixed. I’m now on Chrome 13.0.782 and what I was experiencing when I originally wrote this post does not happen anymore. I can be on a https:// page and links to http:// pages now do not throw a padlock error…

    I just tested it on one of your https pages Isa…all good.

  4. Well, if I take a product page of mine that contains an external link, and add https to the url to see it over SSL, Chrome throws the warning, FF and IE don’t. Perhaps I’m missing something, I often do. 🙂

  5. If I login to my site and it takes me to a NONSSL page after logging in (index.php or something), chrome will have the https crossed out no matter what page of the site I visit after that ssl or nonssl. No other browser does that. The only way to make it go away is to clear everything out of the browser and then go back to the site. We all know a customer isn’t going to all those steps just buy something 🙂 So there are still some current SSL bugs with chrome. Their explanation is their browser is actually doing what it is supposed to do and the others are “broken”……..

    I spent about an hour going over files thinking I had messed something up and it was just the chrome issue…

  6. I will try to find you the q & a that I was reading about my particular issue…

    Basically the “expert” was saying that Chrome simply is doing what ALL browsers should be doing by saying that content is no longer SSL. What is funny is that there were no NONSSL things on page it was complaining about and it said it was using a TLS 1 connection and the site identity was verified…

  7. I haven’t a clue Gary and I’m no expert, but my personal opinion is that they have a bug popping wrong errors on SSL pages, because the other browsers aren’t throwing the errors, plus, at least in my case I know my SSL is perfectly alright and my site correctly configured. And if you look at Matt’s problem, surely it’s not right for the browser to behave like this. Just my opinion.

  8. I forgot to add: in Matt’s case, if what they wanna do is advise the viewer that the content is no longer SSL’d when leaving an SSL page, then they should be doing it another way, right now they just cross out the https and the padlock in red, and they warn you about the page’s contents, basically scaring the viewer.

    But in my case they simply pop the warning whenever you try viewing any page over SSL that contains a link, and once you’ve had the red crossed out https it keeps showing it to you even on pages that contain no link, and you have to clear the browser cache to get rid of it.

Leave a Reply

Your email address will not be published. Required fields are marked *