I'm using Wordpress HTTPS plugin to force Admin mode to run under HTTPS.Its fine for Admin Panel.
But still, once i'm under HTTPS mode, every front pages are broken because of, it is saying some front-pages Asset Files are coming as normal HTTP (without 'S') which are then getting blocked to load onto page.
Than resulted in rendering the page looking messy.
So to be more clear again,
When i call the site in HTTPS / SSL mode .. some asset files, like:
http://www.my-another-site.com/something.js
http://www.my-another-site.com/something.css
http://www.my-another-site.com/something.jpg
... etc
.. are BROKEN. (Because i'm in https mode and those above files are coming as http)
So how to make Wordpress to FORCE LOAD those whatever files?(I DON'T CARE WHETHER IT IS SECURE OR NOT. Just want the site under https://... to be rendering properly.)
You could try using a protocol relative URL (dropping both the http and https from the URLs) - see this answer.
According to this answer you'll need to be on a recent version of WordPress (I'd assume 3.5) for it to work with wp_enqueue_script.
Related
For some reason DNN generates url for src of iframe inside every modal for editing module or module settings with different protocol on localhost and prod. On localhost when page is opened via https, iframe also has https url. At the same time on prod when page is opened via https, DNN generates http url there for some reason. As result I'm getting this error in dev tools console:
Mixed Content: The page at "" was loaded over HTTPS, but requested an
insecure frame. This request has been blocked; the content must be
served over HTTPS.
Found this solution.
Disabling modals would be really stupid solution as I need editing and settings for DNN modules. So I used workaround with meta tag added to a website via PersonaBar.
That fix actually works, but firstly, it's not the most convenient solution. Secondly, it's a crutch. If localhost can generate https link, then it means that prod also can. But why it doesn't? It's a code that is generated by DNN, not by my code. So as result I don't understand right now what's going on about it and why.
P.S. Just in case to clearify what I'm talking about:
login as superuser to your website
click pencil button to edit page
hover over any DNN module
click pencil icon "Edit module" or gear icon "Settings" (doesn't matter)
that's the modal window with iframe I'm talking about
P.S. I've asked this question at DNN forum yesterday already, but didn't recieve any answers there, so I'm duplicating it here.
DNN's SSL implementation requires a number of things to be in alignment, however, the following should be correct.
Within the security section SSL needs to be enabled, AND enforced, and the page that you are on also has to have the "Secure" flag set.
This is working for us in all production environments, so you so you should be fine.
(If using SSL Offloading, its a bit more tricky)
I have worked IIS site which has worked in HTTPS. Something break and now when i try to get it in https site looks like that without CSS styles. I see in source and CSS and JS files try to open as http (which get 404 error when I try to open it), but when i try to open it via https everything work. How to "force" these to open these files via https? URL rewrite rule, but how?
Thanks for help
This what you experiencing is "mixed content blocking". It occures when you reach website via https but some elements are via http.
To resolve the problem you should configure http to https redirection.
You can find 'how to' here: https://www.ssl.com/how-to/redirect-http-to-https-with-windows-iis-10/
Also make sure that you don't hardcoded links to application elements via http in app code (if yes then change to https).
hello I have a local wordpress installation, which is a copy of my hosted website.
i'm going to try to make it simple :
If i type "http://mylocalwebsite/index.php", it works and shows me my local copy
If i type "http://mylocalwebsite", index.php is still used, but i'm ending in my hosted web page (www.myrealsite.com)
If i type "http://mylocalwebsite" again, it doesn't use index.php, and directly opens my hosted website.
All hosts files are correct, none of them is leading to my hosted website.
I've done a search for "www.myrealwebsite.com" in the directories of the local copy : no result.
I just don't understand why. Any ideas ?
Thx
This is a cached redirect from the browser you are using (since the hostname you are using is not FQDN, the browser tries to correct that, or has previously seen a (301) redirect to the real webpage like from non-www hostname, to a www.hostname and uses that to assume what is correct).
If you try the same with CLI curl request, I would imagine the result will be as you expect.
I have a website written in Ruby using Ruby on Rail framwork, everything was fine when using HTTP protocol, but when switching to HTTPS protocol.
Some CSS material can not shown, but some of it can.
The font can not be shown, originally the font was designed, but now it is not.
Anyone know what happen?
Without any specific error I assume browser is probably blocking files loading from mixed content, i.e. using both HTTP and HTTPS. Use your browser developer tools network tab to confirm this.
You can use // instead of http:// so that resources load from the relative protocol that the page content is loading from; Can I change all my http:// links to just //?
Also read; How to fix a website with blocked mixed content
Whoever wrote the navigation for the site I’m currently working on (classic asp) points the navigation links to a folder, then inside to folder has an index.asp file, so the urls will look something like this www.mysite.com/myfolder/mysubfolder
Now, when watch the page load using httpfox, I notice that the first entry is a 302 redirect to the same address with a “/” on the end, so www.mysite.com/myfolder gets redirected to www.mysite.com/myfolder/ (note the / on the end).
I’m not to worried that it’s a 302 since its in the admin section of the site, but when I forward the host headers from ISA server, for an https request, its being redirected from https://www.mysite.com/myfolder to http://www.mysite.com:443/myfolder/ and causing all kinds of problems.
Anyway, I can’t seem to find any code making this redirect happen, so does IIS 6 do this because the url points to a folder? Or do I need to comb through the code more closely?
the problem is not in the code.
the redirect happens because there is no url "https://www.mysize.com/myfolder".
correct urls look like this: "https://www.mysize.com/myfolder/"
so the last / is important and only with this you have a valid url!
the webserver now is cute enough to automatically send a "302 found (originally temporary redirect, but now commonly used to specify redirection for unspecified reason)" status code.
just add the / to the links and you're fine