I was getting the dreaded Security Warning about unsecure content on a secure page. This only happened when logged into a customer account, clicking on the category tree which uses relative links, and then clicking through to a PROD page. The warning came up when trying to load the PROD page. I knew that all my images had relative links, so I took a closer look at the links to javascript. Turns out the culprit is the Live Search cashback Gleam Code!

I removed <mvt:item name="mslscb" param="prod" /> from my Product Display Layout and the crisis has been averted. However, we need MIVA to fix this problem ASAP, as this is a bad time (i.e. Double Cashback) to be in Bing Cashback Limbo.

From what I can gather, <mvt:item name="mslscb" param="prod" /> calls out the following code:
<!-- Begin Live Search cashback Gleam Code -->
<script language="javascript" type="text/javascript">
var msid = Math.floor( 1000000000 * Math.random() ) + 1000000000;
var msbg = document.bgColor;
if ( msbg.charAt( 0 ) == "#" ) msbg = msbg.slice( 1 );
document.write(
'<script language="javascript" ' +
'type="text/javascript" ' +
'src="http://search.live.com/cashback/products/gleam/javascript.ashx?' +
'merchantId=XXX&type=1&bgcolor=' + msbg + '&version=1.00">' );
</script>
</script>
<!-- End Cashback Gleam Code -->
Note: I did not notice this problem prior to PR6.

How does one go about suspending the Bing Cashback Program until this problem is resolved?

Please open a ticket with support on this. We'll look right away.

Please open a ticket with support on this. We'll look right away.

Ticket ID:BJZ-544082

Hello,

I noticed that after logging in that the category links under Shop By Category reference a secure URL while the links under Shop By Brand do not.

I'll have to double check with the developer but I am pretty certain that Microsoft does not provide a secure gleam URL.

I'll have to double check with the developer but I am pretty certain that Microsoft does not provide a secure gleam URL.

That's a big problem. What's the quickest, most efficient way, to pull the plug on Bing Cashback? If this can't be fixed, I'll want to remove my products from their website asap.

Edit: I'd also like a refund on my remaining funds in there, but unfortunately Bing Cashback does not offer phone support at this time.

The gleam is marketing material, any reason you need it to be on a secure page?

The gleam is marketing material, any reason you need it to be on a secure page?

No, I dont need it on my pages at all. I was just following the set up instructions. Will customers still be tracked and get cashback after removing the <mvt:item name="mslscb" param="prod" /> from my Product Display Layout ?

I need to check on that. I think the question I was driving to, is why would your PROD page be secure?

I need to check on that. I think the question I was driving to, is why would your PROD page be secure?

It would only be secure when you arrive there via the following steps:
1) Logging in as a customer (secure page)
2) clicking on the category tree which uses relative links (remains a secure page)
3) and then clicking through to a PROD page using relative links (remains a secure page)

The fix everyone will recommend is turning the relative links into absolute links beginning with http:// so that you never waste cycles securing those unnecessary pages. However, I think that the Bing module should include a secure version just so it plays nicely with the majority of the sites out there.

We're reaching out to MSFT to see if they've updated that, however for a number of non Bing related reasons I would agree with Brandon, you want to only use secure pages when necessary.

The best option like Brandon MUS said is to make all your links absolute to the non https version. This was no matter how someone gets to your site they will never be browsing in secure mode.

In your case the only way someone can get to your site in secure mode is by logging in to their account. It then redirects them to a secured version of the homepage. If you don't want to update all your links to be absolute then a another option would be to take people to their account edit page when logging in or take them to a "fake" page which then redirects them (through javascript or a meta redirect) back to the non secure version of your homepage. That way the user can never browse you site in secure mode.

The fix everyone will recommend is turning the relative links into absolute links beginning with http:// so that you never waste cycles securing those unnecessary pages. However, I think that the Bing module should include a secure version just so it plays nicely with the majority of the sites out there.

I use Sebenza's Category Template Manager and shortlinks. So are you suggesting, I go into each category template and change:
<base href="&mvt:global:basehref;"> to <base href=http://www.bronsondesign.com> ?

I wouldn't change the base href because that determines a lot of other paths like to your css and javascripts.

If you are going to make all the links absoulte go into your category tree template and your global header / footer and change

<a href="/category/accessories.html" class="cat">&nbsp;&nbsp;Accessories (891)</a><br>

to this:

<a href="http://www.bronsondesign.com/category/accessories.html" class="cat">&nbsp;&nbsp;Accessories (891)</a><br>

This way anytime someone clicks that link it will always be non secure.

Thanks Brennan....excellent suggestion!!!

I only needed to made the change once in my Sebenza Category Tree Template. Now all links in my category tree are are http.

I'd still like to know what Rick finds out regarding the necessity of <mvt:item name="mslscb" param="prod" /> in my Product Display Layout for Bing Cashback to function properly.

The <mvt:item name="mslscb" param="prod" /> item on the product page is for marketing purposes only. Microsoft wants you to put it there because it gives them exposure. But it is also good for the merchant because it lets the customer know that the particular product is eligible for cash back. That being said, you don't have to put the gleam on your product pages if you don't want to. It does not effect the operation of the program and will not change the fact that eligible products in the basket at checkout will still get the cashback generated.

I have contacted Microsoft to see if they have a secure link for the gleam code. If so we will be able to patch this in the next release.

it is also good for the merchant because it lets the customer know that the particular product is eligible for cash back.

Thanks Mark. My understanding (from Microsoft Tech Support) is that "Customers are eligible to get cash back on any item in your store regardless of whether it is ENABLED in your datafeed or not. The reward level for non-enabled items is based on the Base Commission you set when setting up your account." This is what I was told back in January.

http://extranet.mivamerchant.com/forums/showpost.php?p=90166&postcount=69

Thanks Mark. My understanding (from Microsoft Tech Support) is that "Customers are eligible to get cash back on any item in your store regardless of whether it is ENABLED in your datafeed or not. The reward level for non-enabled items is based on the Base Commission you set when setting up your account." This is what I was told back in January.

http://extranet.mivamerchant.com/forums/showpost.php?p=90166&postcount=69

Now that you mention it, I remember that too. I know that when a customer comes to your site from the Bing search engine, then all the products in the basket at checkout are reported to Microsoft.

when a customer comes to your site from the Bing search engine, then all the products in the basket at checkout are reported to Microsoft.

Any way to get that changed so it's only the enabled products that are eligible for cashback? Vendors are starting to look at the cashback programs as gray areas with respect to their IMAP policies. Would be nice to be able to exclude certain brands from the program.

As it stands, I can disable certain brands from showing up on Bing Cashback, but yet end up paying 5% commission regardless....so might as well enable all if I'm going to end up paying the commission anyway.

No, you can lower your default cashback to their lowest rebate (2%) but that's it, the rest is their rules.

No, you can lower your default cashback to their lowest rebate (2%) but that's it, the rest is their rules.

For the program we're discussing, they will not allow you set the cashback below 5%.

"Sorry, you cannot set a base commission lower than 5.00%."

I didn't know that, when we launched it was 2%. Either way, unless they've changed something it's all or nothing with them.

I think everything is under control now...thanks everyone. Don't know where I'd be without this forum!