These days our eCommerce pages are littered with third-party social bookmarking tools, social media tools, Facebook Like buttons, AddThis buttons, and third-party marketing scripts. It is easy to lose track of the most basic aspect of your shopping cart's security: valid HTTPS pages. A single third-party resource loaded over plain HTTP is enough to make a secure page trigger the browser's mixed-content warning. Here is a quick way to isolate all of these third-party utilities and simply avoid using them in the HTTPS pages:
What I have decided to do is add a simple check before we actually place these tools inside the page: check whether the page is being served over HTTPS and, if it is, do not show these tools. Here is how to do so in your phtml files:
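<?php // Emit the third-party tools only when the current page is not served over HTTPS ?>
<?php if (!Mage::app()->getStore()->isCurrentlySecure()): ?>
<script type="text/javascript">
/* <![CDATA[ */
//Your Third Party Code Here
/* ]]> */
</script>
<?php endif; ?>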
Another, less safe way to handle this is to drop the 'http:' portion of the URLs. Yes, I mean you start the URLs with '//', as in '//www.thirdpartydomain.com/script.js', so the browser makes the call over HTTP or HTTPS depending on what page you are on. However, be careful with this one, because many third-party tools do not necessarily offer an HTTPS (secure) version of their tools.
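To confirm that a secure page really is free of these tools, you can audit its rendered HTML. The following is an added example, not code from the original post: it flags sub-resources requested over explicit http:// (mixed content on an HTTPS page) and lists scheme-relative URLs whose hosts must be checked for HTTPS support. The sample markup and its host names are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tags that fetch a sub-resource, and the attribute holding its URL.
RESOURCE_ATTRS = {"script": "src", "img": "src", "iframe": "src",
                  "embed": "src", "link": "href"}

class SubresourceAudit(HTMLParser):
    """Collects sub-resource URLs that matter when the page is served over HTTPS."""

    def __init__(self):
        super().__init__()
        self.insecure = []         # explicit http:// -> mixed content on an HTTPS page
        self.scheme_relative = []  # //host/path -> inherits HTTPS; host must support it

    def handle_starttag(self, tag, attrs):
        attr = RESOURCE_ATTRS.get(tag)
        if attr is None:
            return
        attrs = dict(attrs)
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # audit stylesheet links only; canonical/alternate are not fetched
        url = (attrs.get(attr) or "").strip()
        if url.startswith("//"):
            self.scheme_relative.append(url)
        elif urlsplit(url).scheme.lower() == "http":
            self.insecure.append(url)

def audit(html):
    parser = SubresourceAudit()
    parser.feed(html)
    parser.close()
    return parser.insecure, parser.scheme_relative

# Constructed sample: markup a checkout page might render (hosts are placeholders).
SAMPLE = """
<link rel="stylesheet" href="/skin/frontend/default/css/styles.css">
<link rel="canonical" href="http://shop.example/checkout/cart/">
<script src="HTTP://widgets.thirdparty.example/share.js"></script>
<script src="//www.thirdpartydomain.com/script.js"></script>
<img src="https://cdn.example/logo.png">
<iframe src="http://social.thirdparty.example/like"></iframe>
"""

if __name__ == "__main__":
    insecure, relative = audit(SAMPLE)
    print("mixed content:", insecure)
    print("verify HTTPS support:", relative)
```

Run it against the saved HTML of each secure page (cart, checkout, account); an empty first list means no tool slipped past the isCurrentlySecure() check.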