01438 741177         thewinesociety.com

The Society's Community

WS Not Secure?

Question for the WS team, when I logged into the WS site today to look at the mixed case offer, it stated next to the WS site address that it was not secure?
Any thoughts?

says secure for me, the certificate expires in October. might help to say what your setup is to see if it’s something to do with yoour browser (maybe it needs updating?)

as an aside, I looked at the info Firefox provides and saw this:

:grimacing: :laughing:

7 Likes

As @tom says, please do let us know what browser/system you’re using - although I’m sure our site is indeed secure, so I hope I can reassure you there. :slight_smile:

Hahaha! I love how Firefox’s response seems almost exasperated/sarcastic - “Have you visited this site before? * Sigh * Yes, yes you have…” :rofl:

2 Likes

it’s a lot worse for the Community…

no wonder my spending has gone through the roof since I joined!

4 Likes

I am using Chrome and TWS site shows as not secure but this community site shows as secure. Seems a bit strange. I hadn’t noticed TWS not being secure before and I wonder if this changed at some time or whether I just didn’t notice.

Actually, I was looking at a wine page and Firefox does show a warning on the home page. i clicked around and coldn’t find another page that was showing as not secure, so must be something specific on the homepage.

https://support.mozilla.org/en-US/kb/mixed-content-blocking-firefox

In Chrome, it appears to change to secure as soon as a wine is selected and certainly when it is added to basket.

This is very useful info - I’m going to forward these findings to the web tech team to have a look at. I’m sure the website is secure, but if there’s a glitch with an image somewhere causing that message we need to fix that.

Sometimes these things happen because of some network failure en route to checking the security certificate(s). That may not affect everyone, and it may not be the fault of the society or the certificate issuer.

Both Chrome and Firefox are not showing any security problems for me.

1 Like

The issue appears to be to do with encryption. For some of the pages the connection is not encrypted meaning that communication from you would be potentially accessible to hackers. However those pages do not require any input from you so not really an issue! As soon as you move onto pages that have input (eg. selecting a wine that you might then add to your cart) the pages do appear to be encrypted.

However that latter does not seem to be the case on the community pages which still show the website connection to be unencrypted even whilst typing this reply.

I’m not too bothered by that as I’m not entering mega secure information in my posts :smiley: it’s far more important that the connection is secure when you get to ordering which the TWS ordering pages appear to be.

It’s down to some images on some pages being served as HTTP rather than HTTPS. For example, on the home page, it fetches the images for the Bollinger and Blind Spot offers via an HTTP link. Depending on the browser, this can result in a message being displayed that says that part of the page is insecure.

It’s probably not a big security risk, but doesn’t look good, and risks driving people away if they think the site isn’t secure. Someone in TWS needs to look through the current content, and work out what all the culprits are.

2 Likes

Interesting. I tried to check a few of the images and all the ones I picked were stored via https, wonder why not all. I guess something legacy, but agreed to the casual user looks dodgy!

Interestingly, inspecting the page source didn’t show it up. I opened the Network tab in Chrome Developer tools, then refreshed the page and scrolled through looking for http:// requests.

1 Like

Some years ago our website had the order details etc. pages on https but not the rest of the site. When we brought the rest in as https the biggest problem was picking up on all the images particularly external ones like certification and credit card images.

1 Like

These ones are internal images being served from thewinesociety.com though. They’re images about recent offers, which explains why it’s only just started happening. I haven’t checked other pages - I know that some pages show up the error, and some don’t.

It will just be someone forgetting the ‘s’. I have seen exactly the same happening with disturbing frequency on some online banking pages! But, as you say, though it doesn’t look good, it’s probably nothing to worry about.

1 Like

I’m sure you’re right, though I’m also slightly surprised that the server isn’t set up to refuse the request, or negotiate up to https.

That’s odd. I’ve just checked why my browser wasn’t flagging a problem, and both those images are https:// - no http:// calls

Very odd. On both Chrome and Safari on my Macbook, it’s using http://. What browser versions are you using?

Firefox = 75.0
Chrome = 81.0.4044.113
(both 64 bit)
using a surface pro 4