I'm running on prestashop 1.6 and i have the following error...
Mixed Content: The page at 'https://nnn.pt/pt/' was loaded over HTTPS, but requested an insecure stylesheet 'http://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css'. This request has been blocked; the content must be served over HTTPS.
In my header.tpl i cannot find this :(
I figured out that the E-goi module was calling Bootstrap through HTTP.
Related
I have worked IIS site which has worked in HTTPS. Something break and now when i try to get it in https site looks like that without CSS styles. I see in source and CSS and JS files try to open as http (which get 404 error when I try to open it), but when i try to open it via https everything work. How to "force" these to open these files via https? URL rewrite rule, but how?
Thanks for help
This what you experiencing is "mixed content blocking". It occures when you reach website via https but some elements are via http.
To resolve the problem you should configure http to https redirection.
You can find 'how to' here: https://www.ssl.com/how-to/redirect-http-to-https-with-windows-iis-10/
Also make sure that you don't hardcoded links to application elements via http in app code (if yes then change to https).
I am getting this error in the browser console:
Mixed Content: The page at
'https://async-java.github.io' was loaded over HTTPS, but
requested an insecure resource 'http://async-java.github.io/v/0.1.2/'.
This request has been blocked; the content must be served over HTTPS.
my iframe is being loaded with:
<iframe id="main-iframe" src="v/0.1.2" width="100%" height="100%"></iframe>
is there some way to force it to use https without having to use an absolute URL? The relative url is a lot more convenient because it works for localhost etc.
I found this answer, it says to use:
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
which worked for this use case. For more info see:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/upgrade-insecure-requests
How can we use github pages embedded in an iframe correctly?
I've hosted a website in firebase and it is using a custom domain over https, for example, https://www.example.com.
This website uses react and other things, but for one route (the landing page one) I would like to use a static page hosted on github, for example https://example.github.io/page. So, to achieve this I've created an iframe inside the route https://www.example.com/page.
The problem is I've been receiving the following error:
Mixed Content: The page at 'https://www.example.com/page' was loaded
over HTTPS, but requested an insecure resource
'http://example.github.io/page/'. This request has been blocked; the
content must be served over HTTPS.
The strange thing is the iframe looks correctly:
<iframe title="Page" src="https://example.github.io/page">unwanted text</iframe>
It is already using https, but looks like this is being ignored.
I already tried to use this meta <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">, close the iframe with </iframe> and add an unwanted text inside the iframe.
Can we solve this?
If you carefully examine your HTML code and the error message, you'll notice a slight difference in URLs besides the protocol part:
https://example.github.io/page - in the iframe src tag
http://example.github.io/page/ - in the error message
The reason could be that the URL https://example.github.io/page returns a redirect to the "canonical" version with the trailing slash (/page/), but a redirect URL must be a full URL, and the server for some reason isn't including the actual protocol in the redirect URL, always using http:// instead. That could be due to configuration or coding at the server side (see also github issue #289).
As a workaround, use a URL that doesn't trigger the canonicalization redirect, i.e. https://example.github.io/page/.
I have installed an SSL-certificate for my website but it is not working for some pages. I went inside of the Google Chrome Console option and found this error message:
Mixed Content: The page at
'https://www.feelhome.se/produkt/blackgrey-feather/' was loaded over
HTTPS, but requested an insecure font
'http://www.feelhome.se/wp-content/plugins/ajax-search-pro/css/fonts/icons/icons.woff'.
This request has been blocked; the content must be served over HTTPS.
I went inside of the "insecure font" but there is not "http" URL there that I can change to remove this error message. How can I remove this error message that appears?
You need to change the reference to the font in your CSS file so that it uses a https:// URL.
All external resources (css, javascript, images, etc) imported into the page need to either be relative URL so that they automatically use the same protocol, or you need to explicitly use https:// in their URL.
I have problem with tinymce 4.1.10. Icons are not shown in it, then i put it in page, that is loaded through https. Problem is that font files are loaded through http and browser writes in console:
Mixed Content: ... was loaded over HTTPS, but requested an insecure
font '...tinymce.woff'. This request has been blocked; the content
must be served over HTTPS.
Css file with reference to tinymce.woff tinymce/skins/lightgray/skin.min.css is loaded through https. It contains relative link to the font file.
I tried to test how it is loaded in tinymce site: https://www.tinymce.com/tryit/basic.php And it works here! Font file tinymce.woff is loaded though https. Files skin.min.css are identical in tinymce.com and in my server and both loaded by https, but why font file tinymce.woff is loaded through http on my site (and through https in tinymce site)?
What makes browser (i tested in FF and Chrome) to decide to use http or https?
PS. I read similar questions here and played with http headers, but it didn't help.
Finally i found solution. Problem was in .htaccess file in my server, that redirected some https calls to http. Thank you all, who read this and tried to answer :)