Support » Plugin: BuddyPress Docs » Mixed Content error when downloading attachments

  • Hi there,

    I am using BuddyPress docs for an intranet and it has be working fine for a long time.

    Recently the following has gone wrong:

    PDFs are now seen as mixed content and cannot be downloaded in Chrome. I checked everything for Mixed Content, but I can’t find anything:

    • Really Simple SSL plugin is properly configured;
    • There are no more http: // references on the website;
    • There is a green lock; chrome doesn’t see any errors at first glance. The error does not occur until the PDF is downloaded.

    The url in the source code also seems to be about HTTPS, so the problem isn’t there either:

    Minutes.pdf

    Link error: https://www.dropbox.com/s/xcxm97fmywr62zj/UItleg%20error.png?dl=0

    I have no idea what it could be. Can you help me?

    Thank you!

    Regards,
    Martijn

    The page I need help with: [log in to see the link]

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Author David Cavins

    (@dcavins)

    It looks from the error that there is a redirect that is http along the way. I’d start by checking that the URLs saved in WP Admin > Settings > General > WordPress Address (URL) and Site Address (URL) are both are saved as https.

    Next, I’d open the browser console’s “Network” tab and attempt to download the PDF to see what URLs are called along the way. Let me know what you find.

    Best,

    -David

    We encoutered the same issue.
    Somewhere in the process the URL is redirected a couple of times.

    We solved the problem (for now) by editing /wp-content/plugins/buddypress-docs/includes/templatetags.php:2203

    We fixed the attachment URL:

    $markup = sprintf(
    			'<li id="doc-attachment-%d"><span class="doc-attachment-mime-icon doc-attachment-mime-%s"></span><a href="%s" title="%s">%s</a>%s</li>',
    			$attachment_id,
    			$attachment_ext,
    			
    			// $att_url,
    			sprintf( "%s?bp-attachment=%s", $doc_url, $att_base ),
    			
    			esc_attr( $att_base ),
    			esc_html( $att_base ),
    			$attachment_delete_html
    		);

    I know this is not the correct way to do it, but we needed it to work quickly.
    Please update the plugin.

    Plugin Author David Cavins

    (@dcavins)

    Hi @mikemadern,

    Thanks for your message. Can you share the redirect chain from your browser console’s network pane when you are using the plugin code before your modification?

    Thanks!

    -David

    Hi @dcavins,

    I used httpstatus.io to figure out the redirects.

    
    Status Code, Scheme,    Host,                                 Path
    301,         https://,  extranet.leefbaarheidsteamermelo.nl,  /wp-content/uploads/bp-attachments/1753/Notulen-12-januari-2021.docx
    301,         http://,   extranet.leefbaarheidsteamermelo.nl,  /?p=1753&bp-attachment=Notulen-12-januari-2021.docx
    301,         https://,  extranet.leefbaarheidsteamermelo.nl,  /?p=1753&bp-attachment=Notulen-12-januari-2021.docx
    302,         https://,  extranet.leefbaarheidsteamermelo.nl,  /documenten/notulen-dinsdag-12-januari/?bp-attachment=Notulen-12-januari-2021.docx
    200,         https://,  extranet.leefbaarheidsteamermelo.nl,  /wp-login.php?redirect_to=https%3A%2F%2Fextranet.leefbaarheidsteamermelo.nl%2Fdocumenten%2Fnotulen-dinsdag-12-januari%2F%3Fbp-attachment%3DNotulen-12-januari-2021.docx
    

    The first redirect, to ?p=%d&bp-attachment=%s is the one to HTTP.

    – Edit
    Good to let you know that when attachments are not private, the problem is not there.

    – Mike

    • This reply was modified 3 months, 1 week ago by Mike Madern.
    Plugin Author David Cavins

    (@dcavins)

    Hi @mikemadern,

    That’s very helpful. Can you check that your WP site settings specify the https:// prefix? The settings are at wp-admin > Settings > General > WordPress Address (URL) & Site Address (URL)

    The url that is http:// in your chain is calculated by WP’s get_permalink() function which relies on home_url(). If you’ve set an http:// address for your settings, and are relying on htaccess redirects or similar to enforce https/SSL, you will see redirects like that.

    Thanks!

    Hi @dcavins,

    The first thing I checked 😉 worth to be noticed that the URL’s had indeed a http:// prefix and we changed it to have https://.
    The problem still existed after we updated the settings.

    After that we did a Search and Replace, checked the .htaccess for unusual configuration, ran a check on configured redirects, reactivated the plugins.
    But no results so far.

    -M

    Eurocom

    (@eurocom)

    We are also having the same problem.
    Works on Edge, not in Chrome.

    Thanks

    Plugin Author David Cavins

    (@dcavins)

    Here is the (correct) behavior I’m seeing, using Apache in an https environment. Let’s Encrypt is providing the SSL certificate, and all traffic is forced to https via an htaccess rule. This works for me in Chrome-family browsers and Firefox.

    Using the attachment URL provided by BP Docs (most common–caused by clicking on the attachment link from the docs directory or single doc “Read” view):
    200 https://site-name.com/docs/{doc-name}/?bp-attachment=file_name.pdf
    Results in the file being downloaded.

    Request directly to the media item (should be rare):
    302 https://site-name.com/wp-content/uploads/bp-attachments/{doc_id}/file_name.pdf. (This is the redirect that the file protection htaccess rule enforces.)
    200 https://site-name.com/docs/{doc-name}/?bp-attachment=file_name.pdf
    Results in the file being downloaded.

    If I purposely use http (not https) in a direct link (should be really rare—accidental, only, really):
    302 http://site-name.com/wp-content/uploads/bp-attachments/{doc_id}/file_name.pdf. (This is the redirect that the file protection htaccess rule enforces.)
    301 http://site-name.com/docs/{doc-name}/?bp-attachment=file_name.pdf
    (This is a 301 because I have redirects set up in Apache so that all traffic to the site is forced over to https)
    200 https://site-name.com/docs/{doc-name}/?bp-attachment=file_name.pdf
    Results in the file being downloaded.

    If this is not the redirect flow that you are seeing, you may need to adjust the configuration of your server.

Viewing 8 replies - 1 through 8 (of 8 total)
  • You must be logged in to reply to this topic.