Google’s SSL Fail

Though the page is secure, Google Chrome gives the warning at the top in yellow

This is stunning: I just spent the last two hours tracking down a checkout page problem and it turns out it was Google’s fail on SSL! This from a company that is promoting the hell out of “https” and security.

I went into our checkout page and tracked every single element to make certain it was secure — and the WooCommerce software we use performs a “force SSL” on page elements to ensure they’re secure — but I just couldn’t figure out why I was receiving a warning in Google Chrome that said, “This page has insecure content.”

The problem? Warnings like this are overwhelming for most people and almost ALWAYS why they abandon their shopping carts. When you’re running a business, that’s the LAST thing you want people doing when they’re checking out!

Guess what I discovered after I did a “View Source” and finally an “Inspect Element” of the page viewing the console to see errors? THAT THE WARNING WAS BEING TRIGGERED BY THE GOOGLE FONTS BEING PULLED FROM THEIR SITE. Yep. It was the CSS declaration: @import url(http://fonts.googleapis.com/css?family=PT+Sans); that was the culprit. Simply adding an “s” after “http” fixed it and the warning vanished.

Seriously Google? Perhaps making SSL pulls mandatory will fix it. I know, I know…the SSL adds a lot of overhead and I’ll work on selectively pulling an SSL font just on the checkout pages, but you sure don’t make this stuff any easier with crap like this you guys.
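A check for this class of problem, as an added example that is not part of the original post: it scans page source for subresources loaded over plain http (the `@import` case above, plus `src`, stylesheet `href` and inline `style` URLs) while ignoring ordinary links and protocol-relative URLs. The `shop.example` host, the sample page and all function names are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Tag -> attribute that triggers a subresource fetch (<a href> is navigation only).
FETCH_ATTRS = {"script": "src", "img": "src", "iframe": "src",
               "source": "src", "embed": "src", "link": "href"}
# CSS loads: @import "http://..." and url(http://...), quotes optional.
CSS_HTTP = re.compile(r"""(?:@import\s+|url\(\s*)["']?(http://[^"')\s;]+)""", re.I)

class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []        # (location, url) pairs
        self._in_style = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        self._in_style = tag == "style"
        attr = FETCH_ATTRS.get(tag)
        url = (attrs.get(attr) or "") if attr else ""
        # <link> is only counted for rel=stylesheet; rel=canonical etc. fetch nothing.
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            url = ""
        if url.lower().startswith("http://"):
            self.findings.append((f"<{tag} {attr}>", url))
        for css_url in CSS_HTTP.findall(attrs.get("style") or ""):
            self.findings.append((f"<{tag} style>", css_url))

    def handle_endtag(self, tag):
        self._in_style = False

    def handle_data(self, data):
        if self._in_style:        # body of a <style> block
            self.findings += [("<style>", u) for u in CSS_HTTP.findall(data)]

def scan(html):
    """Return every plain-http subresource the page would load."""
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page; only the first @import line is from the post.
SAMPLE = """<html><head><style>
@import url(http://fonts.googleapis.com/css?family=PT+Sans);
@import url(//fonts.googleapis.com/css?family=YOUR_FONT_WISH);
</style><script src="https://shop.example/cart.js"></script></head>
<body><img src="http://shop.example/logo.png"><a href="http://shop.example/help">Help</a>
</body></html>"""
```

Calling `scan(SAMPLE)` reports the http `@import` and the http image; the https script, the protocol-relative import and the plain link are not flagged.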

About Steve Borsch

I'm CEO of Marketing Directions, Inc., a trend forecasting, consulting and publishing firm in Minnesota. Prior to that I was Vice President, Strategic Alliances at Lawson Software in St. Paul where I was responsible for all partnerships at this major vendor of enterprise resource planning software products and services. Read more about me here unless you're already weary of me telling you how incredible and awesome I am.

Comments

  1. Thank you for this. Silly something so simple could potentially lose you so much money. I just added the “s” and my warning flags are gone.

  2. a better solution is:
    @import url(//fonts.googleapis.com/css?family=YOUR_FONT_WISH);

    so the browser automatically uses the correct protocol (http or https).
    nice and clean but not many people know this ;-)
    (IE6 seems to not understand this, but IE6 has many more problems…)

    more about this here: http://stackoverflow.com/questions/4831741/can-i-change-all-my-http-links-to-just
