Forums

Google Fonts retrieved through HTTP (hard coded) - Website not fully secured

Permalink
Our Website is based on concrete5 5.6.3.3
http://www.titanswaterpolo.ca

We have recently installed SSL certificates, so this is 'working' as well:
http://www.titanswaterpolo.ca

However, we are not able to get the (green) padlock indication, meaning, the Website is fully secured.
I have run this test here:
http://www.whynopadlock.com/

The culprit (several failures) seem to be the codebase within concrete5 core files. This is the screenshot of the results (failures are presented here):
http://puu.sh/wyzsW/96241e0b94.png...

It seems concrete5 (ver 5.6.3.3) retrieves Google fonts through HTTP and this is hard coded. :(

What are our options at the moment?
Any advice?



============================================
# concrete5 Version
5.6.3.3

# concrete5 Packages
Amiant Image Gallery (0.7.3), Awkward Slider (1.0.4), Content Around Image (1.23), Contest (1.1.1), Cu3er Slideshow (1.1.7), Formigo Social Life (0.9.3), Google Plus One (1.0), Login (1.1), Power Slider Lite (1.1.1), Slate Theme (1.5.2), Sortable Fancybox Gallery (1.15), Tweetcrete (1.6.0), Tweetcrete (1.7), Tweeter (1.0.9), Yosemite (1.0), ZenLike (1.03).

# concrete5 Overrides
blocks/autonav, themes/codeblog, themes/Beulah

# concrete5 Cache Settings
Block Cache - On
Overrides Cache - On
Full Page Caching - On - In all cases.
Full Page Cache Lifetime - Every 6 hours (default setting).

# Server Software
Apache

# Server API
cgi-fcgi

# PHP Version
5.5.38

# PHP Extensions
bcmath, bz2, calendar, cgi-fcgi, Core, ctype, curl, date, dom, ereg, exif, fileinfo, filter, ftp, gd, gettext, hash, iconv, imap, intl, json, libxml, mbstring, mcrypt, mhash, mysql, mysqli, mysqlnd, openssl, pcntl, pcre, PDO, pdo_mysql, pdo_pgsql, pgsql, Phar, posix, pspell, Reflection, session, SimpleXML, soap, sockets, SPL, standard, tidy, tokenizer, xml, xmlreader, xmlrpc, xmlwriter, xsl, zip, zlib.

# PHP Settings
max_execution_time - 30
log_errors_max_len - 1024
max_file_uploads - 20
max_input_nesting_level - 64
max_input_time - 60
max_input_vars - 1000
memory_limit - 512M
post_max_size - 128M
sql.safe_mode - Off
upload_max_filesize - 128M
mysql.max_links - Unlimited
mysql.max_persistent - Unlimited
mysqli.max_links - Unlimited
mysqli.max_persistent - Unlimited
pcre.backtrack_limit - 1000000
pcre.recursion_limit - 100000
pgsql.max_links - Unlimited
pgsql.max_persistent - Unlimited
session.cache_limiter - nocache
session.gc_maxlifetime - 7200
soap.wsdl_cache_limit - 5
 
ConcreteOwl replied on at Permalink Best Answer Reply
ConcreteOwl
This is nothing to do with the concrete core code, it is your theme that is calling the font files from a http reference instead of a https one, just edit your slate theme header and change the 
<link rel="stylesheet" type="text/css" href="http://fonts.googleapis.com/css?family=Droid+Serif:400,400italic|Lato:400,700" />

To this
<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Droid+Serif:400,400italic|Lato:400,700" />

Also one of your anchor links is pointing the the http location instead of the https one.
boskovuk replied on at Permalink Reply
hey weyboat,

That was great advice. Thank You!

I have updated this file:
/public_html/packages/theme_slate/themes/slate/elements/header.php

http://fonts.googleapis.com/css?family=Droid+Serif:400,400italic|La...
to:
https://fonts.googleapis.com/css?family=Droid+Serif:400,400italic|La...

However, when I test (refresh the page:http://www.titanswaterpolo.ca), I see the browser is still trying to read HTTP://fonts...., instead of HTTPS://fonts...

What am I not doing right?
I am not familiar with the concrete5 programming environment. Should things be restarted (or else) so code changes are applied?
blinkdesign replied on at Permalink Reply
blinkdesign
you could download the desired googlefonts and install them in your theme. make sure you set the local font-folder to CHMOD 777 and the font file to 666.