Insecure content on checkout page

I also tried installing your plugin, but I’m still getting insecure content warnings. I’m not sure what else to do :-/

G’day chrisyannick,

Your checkout page is attempting to load a file loader.svg from your media library — it’s not loaded on the page, so it is probably being requested through a script or stylesheet.

The file also doesn’t exist, so it gets a redirect to the /straight-shooter/ page, also on http. Two warnings for the price of one ??

I suggest that you go hunting through your theme settings for a custom loader / ajax spinner image, because that’s what it sounds like to me.

cheers,
Ross

Hi Ross,

The image straight-shooter is located on my blog, so I don’t know why it is showing up on my checkou page. If I delete the image, another image just takes its place.

Sorry to ask, but what is a custom loader/ajax spinner image, and how will that fix the issue?

Thanks,
Chris

G’day Chris,

It looks like straight-shooter might be a redirect from 404s, e.g. if you try to load this non-existent image, you’ll get redirected:

https://fluencyuniversity.com/wp-content/uploads/not-an-image.svg

A loader / Ajax spinner image is something that is displayed to indicate that something is happening, so that people know to wait. e.g.

https://ajaxload.info/cache/FF/FF/FF/00/00/00/1-0.gif

Somewhere in your theme is a setting for the loader image, and it’s been set to an image that

a) starts with http not https
b) doesn’t exist, so it redirects to straight-shooter

cheers,
Ross

Hi Ross,

the loader.svg image is an image in located in my woocommerce/assets directory. But I’m not sure what it’s used for. Should I just change it to https? Would that solve the issue?

Otherwise I have no idea where to look in my theme settings since the file loader.svg is nowhere to be found on my WordPress site.

Thanks,
Chris

I just looked again, and it’s requesting the loader.svg from your theme folder, not uploads or WooCommerce:

https://fluencyuniversity.com/wp-content/themes/wplms/assets/images/icons/loader.svg

If it’s not a setting in the theme, then it’s a bug — you’ll need to take that up with the theme author.

cheers,
Ross

I tried to edit the file loader.svg in my web directory and change all instances of http in the code to https. It had no effect.

I also deleted the photo straight-shooter. Now another image is showing as insecure (lighten-up), which is just another image pulled from my blog.

Not sure what else to do.

I appreciate the help. I have also written to my theme author so maybe they can tell me if it’s a bug.

Thanks,
Chris

G’day Chris,

Editing the .svg file will do nothing. Something is loading it from the wrong place, with the wrong protocol (http). My guess is that it’s the theme, either via JavaScript or CSS. Your theme author is definitely the person who can help you with this. I suggest waiting to see how they respond.

cheers,
Ross