I have worked IIS site which has worked in HTTPS. Something break and now when i try to get it in https site looks like that without CSS styles. I see in source and CSS and JS files try to open as http (which get 404 error when I try to open it), but when i try to open it via https everything work. How to "force" these to open these files via https? URL rewrite rule, but how?
Thanks for help
This what you experiencing is "mixed content blocking". It occures when you reach website via https but some elements are via http.
To resolve the problem you should configure http to https redirection.
You can find 'how to' here: https://www.ssl.com/how-to/redirect-http-to-https-with-windows-iis-10/
Also make sure that you don't hardcoded links to application elements via http in app code (if yes then change to https).
Related
For some reason DNN generates url for src of iframe inside every modal for editing module or module settings with different protocol on localhost and prod. On localhost when page is opened via https, iframe also has https url. At the same time on prod when page is opened via https, DNN generates http url there for some reason. As result I'm getting this error in dev tools console:
Mixed Content: The page at "" was loaded over HTTPS, but requested an
insecure frame. This request has been blocked; the content must be
served over HTTPS.
Found this solution.
Disabling modals would be really stupid solution as I need editing and settings for DNN modules. So I used workaround with meta tag added to a website via PersonaBar.
That fix actually works, but firstly, it's not the most convenient solution. Secondly, it's a crutch. If localhost can generate https link, then it means that prod also can. But why it doesn't? It's a code that is generated by DNN, not by my code. So as result I don't understand right now what's going on about it and why.
P.S. Just in case to clearify what I'm talking about:
login as superuser to your website
click pencil button to edit page
hover over any DNN module
click pencil icon "Edit module" or gear icon "Settings" (doesn't matter)
that's the modal window with iframe I'm talking about
P.S. I've asked this question at DNN forum yesterday already, but didn't recieve any answers there, so I'm duplicating it here.
DNN's SSL implementation requires a number of things to be in alignment, however, the following should be correct.
Within the security section SSL needs to be enabled, AND enforced, and the page that you are on also has to have the "Secure" flag set.
This is working for us in all production environments, so you so you should be fine.
(If using SSL Offloading, its a bit more tricky)
I have a website written in Ruby using Ruby on Rail framwork, everything was fine when using HTTP protocol, but when switching to HTTPS protocol.
Some CSS material can not shown, but some of it can.
The font can not be shown, originally the font was designed, but now it is not.
Anyone know what happen?
Without any specific error I assume browser is probably blocking files loading from mixed content, i.e. using both HTTP and HTTPS. Use your browser developer tools network tab to confirm this.
You can use // instead of http:// so that resources load from the relative protocol that the page content is loading from; Can I change all my http:// links to just //?
Also read; How to fix a website with blocked mixed content
I'm trying to work on my website but for some reason the web fonts are not working, even though they work fine on my local machine
please have a look on my css codes. its up on github.
css style code
https://github.com/AlexFTWW/alexftww/blob/gh-pages/css/style.css
website
https://alexftww.github.io/alexftww/
and it should look like this. much thinner
http: //prntscr.com/45krlw
on chrome console
[blocked] The page at 'https://alexftww.github.io/alexftww/' was loaded over HTTPS, but ran insecure content from 'http://fonts.googleapis.com/css?family=Roboto:100,100italic,300,300italic,400,400italic': this content should also be loaded over HTTPS.
just change the url to:
https://fonts.googleapis.com/css?family=Roboto:100,100italic,300,300italic,400,400italic
note: the website use a secure protocol (https) , the external resources wold be loaded using https protocol
CSS on a page secured with SSL (HTTPS) not applying properly.
Its working fine on Mozilla and internet explorer but not working fine on chrome.
I tried to call external css file using java-script based on protocol, but no success.
The problem is that when accessing your CSS file over HTTPS, you are redirected to the HTTP version, and so the browser will block the file as it is not served sercurely.
You need to make sure you do not redirect back to HTTP for static resources.
Go to your config file in the web directory and change
define('HTTP_SERVER', 'http://myweb.com'),
define('HTTP_CATALOG, 'http://myweb.com');
to: https://myweb.com
I'm using Wordpress HTTPS plugin to force Admin mode to run under HTTPS.Its fine for Admin Panel.
But still, once i'm under HTTPS mode, every front pages are broken because of, it is saying some front-pages Asset Files are coming as normal HTTP (without 'S') which are then getting blocked to load onto page.
Than resulted in rendering the page looking messy.
So to be more clear again,
When i call the site in HTTPS / SSL mode .. some asset files, like:
http://www.my-another-site.com/something.js
http://www.my-another-site.com/something.css
http://www.my-another-site.com/something.jpg
... etc
.. are BROKEN. (Because i'm in https mode and those above files are coming as http)
So how to make Wordpress to FORCE LOAD those whatever files?(I DON'T CARE WHETHER IT IS SECURE OR NOT. Just want the site under https://... to be rendering properly.)
You could try using a protocol relative URL (dropping both the http and https from the URLs) - see this answer.
According to this answer you'll need to be on a recent version of WordPress (I'd assume 3.5) for it to work with wp_enqueue_script.