Broken Functionality With Secure Pages?

Peter Cho, Senior Developer
#Drupal | Posted

Images don't show up on IMCEAJAX requests fail to deliver data? Other functionalities cease to exist upon installing secure pages? These symptoms are signs that secure pages could be encrypting these features, thus failing and rendering certain features on the site useless.

Site administrators enable the Secure Pages module as a means to enable SSL on all or a subset of their web pages. Typically, if we don’t enable this on all the pages, we at least want to apply the SSL certificate on any administrative pages that handle tweaking configurations and generating content. However, since some components of certain pages may run behind SSL, you may notice functionality that you used to have previously, disabled randomly.

Troubleshooting

Try disabling the Secure Pages module and see if whatever is broken fixes itself. If so, it is evident that certain features on your site are failing validation against your site’s secure certificate.

Fixing the Issue

You want to go into the admin page for secure pages in your Drupal installation to add the entries that are failing validation.

  • In Drupal 6, go to admin/build/securepages
  • In Drupal 7, go to admin/structure/securepages

The fields should be similar in both versions:

Drupal 6:

Drupal 7:

Assuming that the “make secure only the listed pages” is checked, Secure Pages installs a list of common paths catered to Drupal core (may be different for both 6 and 7), but does not include any special paths for custom modules. So what would you do in this case?

Look at the URL where the feature is breaking and include the pattern in the list. For example, if the URL looks something like:

<a href="http://www.example.com/foobar">http://www.example.com/foobar</a>

You would typically want to add this entry to the list.

foobar*

The URL may not be the only place where you’ll get this information. You might have to look at any AJAX requests made in your browser console to see what other scripts are failing execution.

In most cases, you’re probably reading this post mainly because features in IMCE fail to work.  In which case, I would recommend including this in your list of whitelisted paths.

  1. imce*
  2. filefield*
  3. noderelationships/*
  4. views/*

Note: If you’re a module maintainer, it might be a good idea to include instructions on what paths to include in the secure pages configuration to simplify the installation process for your end users.

If you are in the Washington DC area on Monday, June 10th,  join me at the Drupal Meetup!

Peter Cho

Senior Developer