I am having an issue with this module on a site secured by ssl or https. The module is loading images over http by default even though the site is set up for https already. I tried clearing the cache already and I also tried disabling and reenabling the module. Did a search in the issue & didn't see any documentation o this. Need help with this asap!



debo7debo’s picture

Issue tags:+ssl htps

So I found the problem in the "socialmedia.widgets.inc" file. All the javascripts and images being loaded need to be from the https protocol, not http. This will prevent browsers from displaying message that "not all the content on the site are secure" when being loaded on a secure site. I found the problems in the sections of the file below.

I don't know how to write patches so I changed it manually in my file, so if someone can write a patch for this and submit it that would be great for everyone.

function socialmedia_widgets_element_addthis_js() {
  return '<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=[?username=[socialmedia:sm-addthis_username]?]"></script>';
  //return '<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username="></script>';
function socialmedia_widgets_element_linkedin_share_button() {
  $addthis_js = socialmedia_widgets_element_addthis_js();
  $elements['socialmedia_linkedin-share-button'] = array(
    'label' => t('LinkedIn share button'),
    'group' => t('Social media: LinkedIn'),
    'template' => '<script src="http://platform.linkedin.com/in.js" type="text/javascript"></script><script type="IN/Share" [?style=data-counter="{top}"?]></script>',
    'form callback' => 'widgets_template_auto_form',
  return $elements;
<script src="http://widgets.twimg.com/j/2/widget.js"></script>
    'template' => '<script src="http://www.stumbleupon.com/hostedbadge.php?s=[?style=5?]"></script>',
  //$addthis_js = '<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=[?addthis_username:[socialmedia:addthis:username]]"></script>';
debo7debo’s picture

Still finding an "addthis" script still using http:// in the source code of a rendered page, but I can't find any more http:// in the socialmedia module files.

Here is the code:
<script src="http://s7.addthis.com/js/250/addthis_widget.js#username=" type="text/javascript"></script>

debo7debo’s picture

Ok so I fixed that final piece. Apparently, the widgets generated by setup wizard have to regenerated by another run of the setup wizard. Downside of this is that if you customized placements and restrictions on blocks and other things, the setup wizard resets all of that.

ben.bunk’s picture

Issue summary:View changes
Status:Active» Needs review
Related issues:+#1976222: In Chrome https protocol pages module does not fetch feed from twitter
new30.66 KB

Adding a patch to switch all external paths to protocol relative to prevent http/https mismatch problems.

I have to apply patches with (patch -p1 < file.patch) but you might be able to use git apply.

mukhsim’s picture

new30.54 KB

Please find attached correct patch.

mdawe’s picture

This does not appear to be merged into release yet?

dfletcher’s picture

Would be great if this fix could get rolled into the latest version. Every time this module is updated I have to reapply patch since my client forces visitors to https via htaccess. I usually hear about this after someone applies updates and then opens a bug report with missing social media buttons. Would be fantastic if client didn't have to see this bug again. Is seems pretty simple to remove http: and use CDN style URLs, or am I missing something here?

Exigo’s picture

Somehow I could not apply correctly any of these patches, but I just manually replaced http:// with https://. I would also need this functionality to work without patching.