Using AnalyticsForPlone 1.1 on a SSL-only Plone site causes Internet Explorer 7 to display a "Mixed content" security. alert. on. *every*. page. loaded. from. the. site.
Very. annoying. :-/
IE7 has a security feature that warns the user when a secure page contains non-secure content[1]. And that security warning is not easy to disable...
For SSL sites, Google Analytics offers an alternative script snippet[2] to insert into tracked pages, that loads the urchin library from a secure site. That way, all page content is secure.
Unfortunately, the AnalyticsForPlone product has a hardcoded script snippet[3] that always loads the library from the non-secure Google site. And this results in mixed-content pages. And. the. annoying. warning...
Regards,
Georges Martin
--
[1] search for "mixed content" in "HTTPS Security Improvements in Internet Explorer 7":
<http://msdn2.microsoft.com/en-us/library/bb250503.aspx>
[2] "I'm having trouble creating a profile for my secure website." in Google Analytics Help Center:
<http://www.google.com/support/googleanalytics/bin/answer.py?answer=55552&topic=10983>
[3] at line 2 of analytics.js.dtml:
<https://svn.plone.org/svn/collective/AnalyticsForPlone/trunk/skins/analyticsforplone/analytics.js.dtml>
Logged In: YES
user_id=585084
Originator: NO
A new field "Google URL" has been added in the property sheet of the analytics for plone tool in ZMI. this parameter is not available thru the plone configuration panel. It should solve your problem.
Logged In: YES
user_id=1793398
Originator: YES
Thanks for the patch.
I was wondering anyway, wouldn't it be interesting to link to the secure google script when in a secure page, and to the non-secure google script when in a non-secure page ?
As in:
if (location.protocol == 'https:')
{
document.write('<script src="&dtml-google_ssl_url;" type="text/JavaScript"><\/script>');
}
else
{
document.write('<script src="&dtml-google_url;" type="text/JavaScript"><\/script>');
}
That way, "mixed" Plone sites, with SSL and non-SSL pages, would work without modifications.
Your opinion ?
Regards,
Georges Martin
Logged In: YES
user_id=585084
Originator: NO
Seems to be a good idea. I have no time to test that your patch is working. I commit it to the trunk, and I hope you'll test it. Your feedback is welcome on this point.