nitesh13t / google-ajax-apis

Automatically exported from code.google.com/p/google-ajax-apis
0 stars 0 forks source link

Getting SSL pop up while using Google tanslator in Secured Sites #463

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
I am using Google translator in my website which is SSL secured. Each time 
when the page loads I am getting an SSL pop with a message as "in-secured 
content"

I got a suggestion from Vision Jinx, according to that I have replaced the 
URL 
"<script type="text/javascript" 
src="http://translate.google.com/translate_a/element.js?
cb=googleTranslateElementInit"></script>" 

to 

"<script type="text/javascript" 
src="https://translate.google.com/translate_a/element.js?
cb=googleTranslateElementInit"></script>"

The problem has not yet solved. I am still getting the SSL pop up. Is there 
any way to resolve this issue.

Original issue reported on code.google.com by Er.shash...@gmail.com on 24 May 2010 at 9:35

GoogleCodeExporter commented 9 years ago
Please provide a link to your page so we can look to verify the problem.

Original comment by jrgeer...@gmail.com on 24 May 2010 at 12:12

GoogleCodeExporter commented 9 years ago
According to this page: 
http://groups.google.com/group/google-translate-general/browse_thread/thread/289
f3708c2b85ee3/b4563f68af55e097?pli=1

 This is a known issue.  Doing a search on the issue returns thousands of pages of users who are experiencing this in their projects.  

Original comment by DigitalF...@gmail.com on 11 Jun 2010 at 6:19

GoogleCodeExporter commented 9 years ago
DavidGouldby
2/11/10
I believe I've found the source of the bug, it would be greatly appreciated if 
this could be fixed.

We've had the translator implemented on a secure control panel for a few weeks 
now, it has been working fine.
But today, it started to throw warnings, stating that some of the content was 
not loaded securely.

Firstly, looking at the page source code, I found the content that wasn't 
loaded through HTTPS, the link is:
http://www.google.com/images/cleardot.gif

This image URL isn't specified in our code, so I tried going backwards through 
the Google code/scripts, and I ended up here:
https://translate.googleapis.com/translate_static/js/element/main.js

I found 2 references to cleardot.gif in this javascript:

Line 10: 
protocol=="https:"?"https://":"http://",rc=qc+"www.google.com/images/cleardot.gi
f"
As you can see here, the code chooses between http or https, so that works fine.

However, on line 77, there is no such code to swap between http and https:

a.Xa+"',sizingMethod='scale');\"></span>":'<img src="'+a.Xa+'">','</td><td 
width=8></td><td width=1 nowrap><a id="close" href="javascript:void(0)" 
title="',"Close",'"><img src="http://www.google.com/images/cleardot.gif" 
width="15" height="15" 
style="background-image:url(',a.Qc,');background-position:-28px 
0px"></a></td></tr></table><div id="original" 
class="goog-te-balloon-text"></div><div id="zippy" 
class="goog-te-balloon-zippy" style="display:none"><img id="zippy_img" 
class="plus" width="12" height="12" 
src="http://www.google.com/images/cleardot.gif"><span>',

It loads this image through HTTP only, this is what is throwing these warning 
messages for us.

Can the same http/https code be added to line 77 from line 10?

Original comment by DigitalF...@gmail.com on 11 Jun 2010 at 6:20

GoogleCodeExporter commented 9 years ago
Is this a work in progress does anybody know? Or should we be finding 
alternative solutions?

Currently, it's preventing me from implementing the system on our site..

Thanks
Andy

Original comment by heron.a...@gmail.com on 28 Jun 2010 at 12:47

GoogleCodeExporter commented 9 years ago
Is anyone watching this at all? 

Original comment by heron.a...@gmail.com on 1 Jul 2010 at 2:39

GoogleCodeExporter commented 9 years ago

Original comment by jscud.w...@gmail.com on 14 Jul 2010 at 10:59

GoogleCodeExporter commented 9 years ago
I noticed another HTTP/HTTPS crossover problem with the jquery api.

When using:

  <script src="https://www.google.com/jsapi"></script>
  <script>google.load("jquery", "1",null);</script>

the jsapi makes a call to http://www.google.com/uds/stats?r0=el%7Cjquery&nc=... 
(for usage tracking purposes?) which causes the browser to report that the site 
is not fully secure (mixed http/https).  The jsapi could/should use https in 
that uri in this case.

The result of the /uds/stats url is a cleardot image like the one you are 
seeing.

Original comment by displague on 4 Aug 2010 at 3:38

GoogleCodeExporter commented 9 years ago
considering this has been reported time and time again, and there has yet to be 
any resolution in over 6 months of waiting I am not holding my breath that 
there will be a resolution any time soon, if at all. 

Original comment by DigitalF...@gmail.com on 5 Aug 2010 at 5:48