Mixed Content Issue on Checkout Page of WooComm

You have an issue with an insecure endpoint:
`Mixed Content: The page at ‘https://www.jatekbiochemicals.com.au/checkout/’ was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint ‘https://www.jatekbiochemicals.com.au/’.

Normally this would mean that in the ajax request a https:// url is used. But the strange thing is: there doesn’t seem to be a reference to a http link at all. I’ve checked your .js files and css files, and the source. The ajax url is passed with https.

What happens if you deactivate all plugins, except the absolute minimum required ones to test this?

Rogier

Hi thanks for getting back to me so quickly. Yes I did a view page source code check myself and while no expert could not see any issues either. I am wondering if something in the cloudflare settings could possible cause an issue here?I’ve now switched off most plugins as per your recommendation and I am still having the same problem.

Best

Grant

Oh and one other thing also is the tech people from OSpayment sent me this link https://prnt.sc/ck49b1

Does this tell you anything?

Best

Grant

That is the error I mentioned in my first reaction, the insecure XMLHttpRequest endpoint.

I’ve just checked your site again, and I noticed the error has changed, so deactivating the plugins has had some effect after all:
No 'Access-Control-Allow-Origin' header is present on the requested resource

This means access from another domain (in this case the non ssl domain) is blocked.
Please try if adding this to your .htacccess helps:

<IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "*"
</IfModule>

Thanks I pasted it in so my .htaccess file looks like this now

php_value max_input_vars 6000
php_value upload_max_filesize 64M
php_value post_max_size 64M
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin “*”
</IfModule>

# END WordPress
# BEGIN Brute Force Login Protection
#ErrorDocument 403 “blocked”
# END Brute Force Login Protection

No joy unfortunately. I am wondering too whether things had changed because I made some setting changes for cloudflare and have it in Dev mode. I have another cart on a Divi Site (so basically the same set up where this problem isn’t occurring so it isn’t theme related but something else ??? Any other ideas here? I’m totally lost with SSL.

Best

Grant

Is the other site where it’s working on SSL as well?

Yes it is. https://manicbotanix.com — although the cart isn’t operational yet they have been selling a piece of software through it with no problems. Both have SSL and both are using Cloudflare. I have no idea what has gone on here. I’ve spoken to the server people about the problem and they assure me it isn’t server side as several other WooCoomerce carts are on the server and not having problems.

Could this perhaps be a problem at the paypal end where we haven’t entered the API or something else correctly.

Best

Grant

You could also make a copy with Duplicator of your working site in a dev folder. If it then stops working on your new domain, then it is something in the server, cloudflare or paypal settings. If it works, you can then step by step give it the configuration you have now, until it stops working. This way you should be able to track it down.

Okay thanks Rogier. We’re taking it Cloudflare now and I’ll do as you suggested to see if there is some sort of server problem that may be causing it. Speaking to the server person he too is baffled by what’s happening.. Thanks so much

Grant