Jetpack by WordPress.com
[resolved] Jetpack-comments: mixed content warning caused by included script (4 posts)

  1. graphiclunarkid
    Posted 2 years ago #

    I'm serving a self-hosted network both over SSL (https) and directly (http). I'm running Jetpack version 2.5 on WordPress 3.7.1. I have the jetpack-comments plugin enabled.

    Visiting any page on which a comments box appears causes Firefox v25.0 to show a mixed-content warning. A similar warning probably appears in other browsers too (I haven't tested any). An example of this warning can be seen on this very page currently (https://wordpress.org/support/plugin/jetpack)!

    I used http://www.whynopadlock.com/ to investigate the cause of the warning and it reported the following:

    Insecure URL: http://s.skimresources.com/js/725X1342.skimlinks.js
    Found in: https://jetpack.wordpress.com/jetpack-comment/?blogid= <snip>

    I viewed the source of the page on which the tool said the insecure URL was included and found the following code snippet:

    <script type="text/javascript" src="http://s.skimresources.com/js/725X1342.skimlinks.js"></script>

    I've confirmed that this resource is also available over SSL currently:

    I've worked around similar WordPress issues by using webserver output substitution-rules to rewrite http:// URLs as https:// when pages are loaded over SSL, however this resource isn't served from my domain so I can't do that here. I don't want to force my visitors to use SSL by changing the site root scheme to HTTPS or by rewriting unencrypted incoming requests. The site should be available either encrypted or unencrypted.

    I've worked around the problem by disabling jetpack-comments for now. Would it be possible for a plugin author to change the scheme by which this resource is fetched to SSL (https), either all the time, or just when the plugin includes code on an otherwise encrypted page?

    If I've made a mistake somewhere I'd be grateful to anyone who can point it out. I'd be happy to help investigate further if we need more information to get this fixed.

    Thank you.


  2. Jeremy Herve
    Jetpack Mechanic
    Plugin Author

    Posted 2 years ago #

    Thanks for the report! We'll take a look at this and fix the problem. I will post again here as soon as I have some news.

  3. Jeremy Herve
    Jetpack Mechanic
    Plugin Author

    Posted 2 years ago #

    The problem should now be fixed!

  4. graphiclunarkid
    Posted 2 years ago #

    I've just confirmed this is now working on my site. Thank you very much for your help :)

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • Jetpack by WordPress.com
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic