Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Can't get embedded pages to work again after move to ssl


I have previously had my forums working fine, but recently moved to ssl.

The move to ssl broke all of my links until I updated them to 'https:' from 'http:' and I think that I have gone through everywhere I can to do this in my Vanilla installations (I have 3). (Including any .js files and the 'embed' code on my pages.

I also saw a recent post that mentioned making the following changes to my 'config.php' files...

$Configuration['Garden']['AllowSSL'] = true;
$Configuration['Garden']['ForceSSL'] =true;

... which I have also done.

The 'secure' padlock comes up in the address bar on all of my forum pages and the pages render correctly.

Each individual forum index page opens correctly when I just go to etc., BUT, it does NOT show the 'secure' padlock in the address bar

When I go to my enclosing forum page, in which the forum is embedded, the little image activates to indicate that it is trying to bring the embedded page in, but it fails to load.

It would seem to me that there is code in the embedded page that is not ssl compliant and that is why there is no padlock showing on the index page and possibly why it is not loading.

The index.php page seems to have nothing in it that would need changing.

So could someone please advise if I am on the right track here and where I would go and what I would do to have the embedded forum load correctly?

Thanks kindly,

  • Neil


  • Options
    vrijvlindervrijvlinder Papillon-Sauvage MVP
    edited March 2017

    You need to understand that this has nothing to do with Vanilla and everything to do with your server and how you installed the SSL certificate. If you installed it correctly and tested it , it should work automatically. Ask your host or see this:

    Also keep in mind that and are seen as two different sites by ssl, you need a wildcard ssl cert or use the htaccess for your site to redirect all of the possible combinations, to the one where you installed the ssl cert.


    SSL certificate purchased for is for only not for You would have to use for secure site access.

  • Options

    Hi Vrijvlinder,

    Thank you for your response.

    Yes I am aware of the differences between and and the ssl certificate was installed by my web host who are a long term and major international player in the hosting business and who have been successfully installing ssl certificates virtually from day one.

    As mentioned above, my whole site - including the pages where the embedded Vanilla forums are wrapped are showing as secure.

    It is only the embedded Vanilla pages that are not showing as secure, so it still seems to me to be something with the way that Vanilla is set-up.

    So I am not necessarily saying that the problem has anything to do with Vanilla as software, but more in what I need to do in set it up correctly to work with ssl.

    I changed all the 'http:' links that I could find in the Vanilla pages and related scripts to 'https:' in the same manner as I edited all 120 pages on my site to try to ensure ssl compliance, but perhaps I went too far with Vanilla and I broke something there.

    My site is a membership site and I also have single sign on to enter the Vanilla forum. My Blogs, that use a different software also have single sign on and those blogs are fully secure and functioning correctly.

    So in all honesty, the only place it seems that I have to look is within the set-up of the Vanilla installation itself.

  • Options
    vrijvlindervrijvlinder Papillon-Sauvage MVP

    Ok, I feel your pain... maybe try replacing the http to https in the embed.js file found inside of the js folder of your vanilla installation...

  • Options

    Yep, I had done that too. O.o but still an issue.

    • I take it that you mean the line that says 'document.location = 'http://' + host + window.location.hash.substr(1);' which I changed to 'document.location = 'https://' + host + window.location.hash.substr(1);'

    The other code in that file that includes 'http:' in the string is: 'host = host.replace('http://', '').replace('https://', '');' - I am not really js literate, but I presumed it was saying to replace 'http:' with 'https:' if the host is 'https:' so I left it as is.

    If you feel that I should change that in some way please let me know.

    However, I have also now actually done a whole new installation.

    At least the embedded forum page in that installation now shows as secure.

    All I have done in that new installation is:

    1. Turned on embedding.
    2. Entered the url where the forum is embedded (as https://)
    3. Copied the generated embed code to my forum page.
    4. Turned off categories (to try to keep it simple).
    5. Added "$Configuration['Garden']['AllowSSL'] = true;" to the 'config.php' file.
    6. Selected 'Embed-Friendly version 3.0' as the theme.
    7. Changed the embed.js file to 'https:' as suggested above (but I also tried it with 'http:')
    8. I have not turned on the SOS plugin.

    Sadly, I still have the same issue, with the embedded forum trying to load, but then failing to load.

    So I am really lost as to where to go from here.

    Does it look like I have missed something, or done something that I should not have in the 8 steps above?

    Thanks kindly,

    • Neil
  • Options
    edited March 2017

    If have made the new installation as above 'public' so you can view it here: and see it try to load.

  • Options
    vrijvlindervrijvlinder Papillon-Sauvage MVP

    You need to make sure you are using pretty urls. Because the link that is the iframe for the embed is not in that format. Whether that is the reason it is not loading I don't know but this is the content of the embed script and it is not pretty urls. Also why is your forum location forum.php ? That is a name for a file that should not have public access. Just name it forum. To be honest I am not sure what you did or how you installed Vanilla.

    But try to fix the rewrite urls in the htaccess file.

    <iframe id="vanilla8527" name="vanilla8527" src=";;locale=" scrolling="no" frameborder="0" width="100%" height="0" style="width: 100%; border: 0px; display: block; height: 0px; visibility: visible;"></iframe>

  • Options

    I use 'Softaculous' in my web site cPanel to install and manage all my scripts.

    As mentioned initially, I have three other forums installed through this method that were all working perfectly up to initiating ssl on my site.

    Forum.php is not a directory location it is the name of the wrapper file that the forum is embedded in and it does not normally have public access because it is usually installed on a membership site.

    I just allowed public access to it so you could see it in action.

    Dropping the name to what you suggest will just take you to the forum page that is not embedded into the wrapper.

    The format that I used for the embed script is the Universal Forum Embed Code as copied and pasted exactly from the admin dashboard.

    If it needs to be different, why is it there? That code also worked fine before the move to ssl.

    There are no instructions there about using an iframe, pretty urls and substituting the code you suggest brings up a 'not found' error.

    My main site .htaccess is set up correctly for https.

    If I change the forum .htaccess as suggested it looks for the forum on the root.

    The forum is nested in subfolders but if I follow the instructions in the .htaccess file and put the path of the subfolders and specify it after the /. # (ex. You put Vanilla in /forum so change the next line to: RewriteBase /forum) it still reverts to the root.

    Obviously I uncommented that line.

  • Options
    R_JR_J Ex-Fanboy Munich Admin

    The problem with using installer scripts is that they contain a little bit of extra "logic" which makes it possible to automatically install and update them. That extra code is not known to us.

    Whenever someone who uses an installing script asks for help we try our best, but it could only be wild guessing because the problem might be in the extra overhead of that installer. It's not said that it must this way, but since a third party installer makes it unpredictable, the advise you will get is to simply install Vanilla by yourself. It is really easy. And afterwards, all tips and tricks you will find here could be matched to your installation. As long as you used the installer script version, you can only hope that something might work for you.

    I'm no expert when it comes to SSL certificates and I will not be of much hep in that discussion, but I would advise you to test what you have already tested, but not with a Vanilla installation made by Softaculous but with an installation made by yourself out of a copy you have downloaded from here.

  • Options

    I guess I am at the stage where I will try anything.

    But it seems a lot when the 3 forums have already worked previously under Softaculous installations.

    I also did another fresh installation (through Softaculous) that again was bare bones and the forum itself worked fine.

    I then embedded it into a web page that had nothing else other than the bare html to avoid any .js conflicts, etc., and that still failed to load the embedded page.

    Again, all pages rendered as secure, so there seems to be no ssl issues.

    Everything works fine with my installations except the embedding.

    There are only three steps in the documentation relating to embedding which I followed.

    There are so many conflicting statements from experts in this forum saying that Vanilla is already set up for ssl and that there is no need for any changes.

    People have been queried in other threads why they changed the .htaccess file when "there is no need", others as in this thread say to change it.

    Some say to add a few lines to the config file, but that is also not in the documentation. In my case, whether I add them or not it makes no difference.

    It really would be nice if there was some definitive documentation here that just laid it all out plainly and simply so that there was no need for all of these conflicts of opinion.

    The only thing left for me to do is to try a manual installation, as you say, and see how it goes.

    Let's hope the documentation for that is straightforward and not open to more conflicting advice.

  • Options

    Just casting my memory back, I think that all of the other embedded installations that worked used the now redundant embed plug-in.

    It seems that something has been lost between that and the current method.

  • Options
    vrijvlindervrijvlinder Papillon-Sauvage MVP

    It is easy to update your forum by simply uploading the files via ftp . Just don't overwrite the htaccess file and the conf.php file.

    Single click scripts are not great for some things and they do insert unknown code. And/or don't offer the latest version.

    You can also embed your forum by using an iframe directly instead of the one packaged in the javascript.

    <iframe src="" style="width:100%;min-height:400px;"></iframe>

  • Options
    edited March 2017

    OK, thank you for that tip on the iFrame.

    That, at least, loads my forum into my page. A bit of a height size change and css to get rid of the borders and it starts to look half decent again.

    So it seems the problem has been within the packaged Javascript.

    There are a few other issues that I need to resolve where the old forum still has an ssl problem and stops the page coming up as secure. But I knew that and the new forums that I created seem OK. So it will now be a bit of work to get the old over to the new without breaking anything.

    Plus I have an issue with the SSO, but that seems to be an issue with the Vanilla SSO plugin in my site management software.

    I am at least over the main issue with the help of the iFrame and can hopefully press ahead from here.

  • Options
    vrijvlindervrijvlinder Papillon-Sauvage MVP

    @NeilWeston said:
    OK, thank you for that tip on the iFrame.

    That, at least, loads my forum into my page. A bit of a height size change and css to get rid of the borders and it starts to look half decent again.

    You can set all that up with CSS . It is hard to tell why the embed using the javascript package does not work. You are not alone, others have had the same exact problem. Sadly embedding is not the forte of this software. You are better off theming your forum to match your website and use the standalone forum instead of embedding. Because this is only an option , not a guarantee.

    I can embed entire websites easier than with the Vanilla universals code/shit because all it is is an iframe inside javascript. And if your js has issues , then this is not going to work.

    Embedding is not a Vanilla forte. It is only an option and it is not a good one. :(

  • Options
    edited March 2017

    Yes, I totally agree about the iframe, but at least it showed me where the problem was occurring and that everything else works.

    Time is a bit of an issue here and I am not sure about Vanilla, but sometimes the theming process can be a real learning curve and time consumer (I am not totally proficient with the works of 'Smarty' either). - although that may be the best way to go in the long run.

    I am wondering if there is a third option though and if anyone has been able to get it to work successfully?

    As you say, the Vanilla Universal Code just seems to produce an iframe inside javascript.

    I hand code my site and use php to bring the various components of my pages all together on the one page. For example, I have one menu that I can 'include' on all pages instead of having that menu physically coded on every page, which saves a lot of editing if there is a menu change. - I am nowhere near being proficient in php though.

    As we know, the possible lines of code to embed the forum in a page are;

    1. The Vanilla Universal Code:
      <script type="text/javascript" src=""></script>

      • Which does not work for me.
    2. An iframe:
      <iframe src="" ></iframe>

      • Which works for me, but has all of the issues that come with iframes.

    Or perhaps a another possibility,

    1. A php include (Something like):
      <div style="width:100%; height:1200px; overflow:auto"> <?php include ('');?> </div>

    Which I have tried in a few iterations, but can't get to work - possibly because I am pointing php to a directory and not an actual document?

    The page fully loads, but there is just a big space where the forum is supposed to be.

    I may be wrong, but to me this would be a simple way of wrapping my site around the forum - if it would work.

    Just wondering if anyone else has had success with this?

  • Options
    vrijvlindervrijvlinder Papillon-Sauvage MVP

    Yes, I have , that is why I suggested it . But it will take some CSS both on your site and on the theme you are using for the forum.

    I suggest you give your iframe an id , for example

    <iframe src="" id="vanilla" ></iframe>

    Then you can use CSS rules on your main site to affect the iframe style and make it conform to your style. Because this involves making a spot for it , like a div .

    It is about balancing the css from the Vanilla theme with the css from your main site.

    Having an id , you can use css for you main site or the iframe inside the theme from vanilla

    css, you calculate the height of the forum embedded to make sure you create enough space for it. You would add this code to the vanilla theme custom.css you are embedding with.

  • Options

    Yes, I understand that about the css and iframe, but what I am really trying to do here is to totally move away from using an iframe and bring the forum into my page with a php include statement.

  • Options
    vrijvlindervrijvlinder Papillon-Sauvage MVP

    You do not need to do that...

    You simply style your forum to look exactly like your site and put a link to it on your main site menu... You can't include entire php vanilla framework.. it is redundant.

    Just put your forum in /forum directory and style the forum to match your site in every way. That way no one will even realize they are going to the forum standalone.

  • Options
    vrijvlindervrijvlinder Papillon-Sauvage MVP

    See what I mean and visit my website, I made my forum and blog match my main site

  • Options

    But where/what is my forum?

    At the moment, going to my forum directory brings up the forum within the Embed Friendly theme.

    It then appears to be the Embed Friendly 'default.master.tpl' that holds the html and smarty links to the main forum engine.

    Are you saying that I should duplicate something like that and put my normal page code around it?

    If so, will my other php includes that I would have to bring my page together (such as the menu as mentioned above) work inside the tpl file or would I have to also link to them with Smarty code?

  • Options
    vrijvlindervrijvlinder Papillon-Sauvage MVP

    No, you misunderstand what the embedded forum is. It is your forum but in an iframe that you can put anywhere.

    If you have you site at and your forum at , then you put a link to that forum , not the embed. Since you named the embedded forum link, forum, that is where the link you put on your site goes.

    You need to remove that and remove the embedded version. Then add a new link to your main site menu to the actual stand alone forum.

    Use another theme other than the default , find something that resembles your site the most and adapt it to look identical.

Sign In or Register to comment.