images not displaying on SSL pages

[Britishcandycom]

My problem is:

Whenever you go to a https webpage on our website the images dont load up even through they have the correct https:// path.

We have a dedicated SSL.

If I store the images on our shared SSL they load up fine in the https webpages.

The images load up fine on their own in a IE7 browser in https.

The images load up fine on a regular http url.

We do not have a dedicated IP.

Any idea what the problem is?

Thanks for any help with this!

[activeco]

Difficult to find out without the url.

[Britishcandycom]

I have sent you a private message with a url. Thanks

[Dubbya]

use relative urls... not defining them as http:// or https:// also prevents the insecure content warnings.

[Britishcandycom]

I dont know what a relative url is

I have just found that this works:-

Image load up on my ssl webpage with https://mywebsite.com/image/image.gif but not with https://www.mywebsite.com/image/image.gif

Why would it work like that?

[activeco]

Check files/dir permissions. The images return 403 code.
Also a few javascript files were not found (builder.js, exxects.js, dragdrop.js...).

[Britishcandycom]

the title.gif has a chmod of 644

I dont think builder.js, exxects.js, dragdrop.js are used.

[Britishcandycom]

the image folder is chmod 755

[Dubbya]

Quote:

when a webpage changes from http protocol to https (SSL), if you embed any images by absolute paths without domain names (/images/o.jpg), they will be broken.
If you embed images with full URL absolute paths (http://yourdomain.com/images/o.jpg), the images will show up, but the user will get warning messages that the page is a mix between secure and non-secure items.

On web pages that make transitions between http and https, one should use relative paths to avoid these problems.

Source:
Absolute and Relative File Paths

An absolute URL would be:

Code:

<img src="http://www.yoursite.co.uk/images/mygif.gif">

A relative URL is one that is relative to file path of the document that calls it. For files located in the root of your web, you could call an image using:

Code:

<img src="/images/mygif.gif">

Likewise, using relative file paths for documents in a subfolder (one level deep), you'd call an image using:

Code:

<img src="../images/mygif.gif">

For images in documents two levels deep (within a sub-subfolder) you'd use:

Code:

<img src="../../images/mygif.gif">

TIP:
Because I wanted my site to be able to bounce back and forth between protocols, I got around the missing images and security alert box by specifying absolute URLs without the http:// or https://. The browser automatically appends the correct protocol as required. It's not exactly valid code but works like a charm, just as if you were to type in your site URL without typing the protocol. If you're stuck, give this a shot.


For example:

Code:

<img src="www.mysite.com/images/header/mylogo.gif">

[Britishcandycom]

that coded looks like <img src="www.mysite.com/www.mysite.com/images/header/mylogo.gif"> in the browser.

[Britishcandycom]

The only way i have been able to get images to load in the ssl is to use https://mywebsite.com/image/image.gif

/images/image.gif and https://www.mysite.com/images/image.gif doesnt work, although if you right click the image, the url is fine.

[activeco]

Look at the log file and find the '403' messages. You can post it here if you wish.
It looks like php script or some other file doesn't have access to directories.
Do you have installed subversion or do you use Yoomla or something similar which could have installation problems?

Also check if you get the same errors with a user logged-in.

[wige]

Quote:

Originally Posted by Britishcandycom

I dont know what a relative url is

I have just found that this works:-

Image load up on my ssl webpage with https://mywebsite.com/image/image.gif but not with https://www.mywebsite.com/image/image.gif

Why would it work like that?

Your security certificate is based on your subdomain name. It will either be issued to www.domain.com or domain.com. Whichever version you have on the certificate is the one that will work in your URLs, and the other form can not be used.

Quote:

Originally Posted by Dubbya

For example:

Code:

<img src="www.mysite.com/images/header/mylogo.gif">

This URL format is not widely supported. Although web browers are able to figure out that it is a URL in most cases, search engine spiders CAN NOT. In addition, browsers may default to the wrong protocol. There is a fully supported option that allows you to omit the protocol specification. This format tells the browser or spider to use the same protocol as the current document.

Code:

<img src="//www.mysite.com/images/header/mylogo.gif">

[Britishcandycom]

The cert is issued to www.mysite.com

secure images will not load up on secure pages on my website.

[activeco]

I don't think it is an ssl problem. Once the mismatch warning is accepted everything should load OK.
BritishCandy, do you have images hotlinking protection? Something like "RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/noimage.jpg" ?