Still get mixed content with protocol relative URL

  • sfpguru

    (@sfpguru)


    8 years, 3 months ago

    Hi.
    Still get mixed content after installing your add-on.
    Browser’s console have those messages:
    Loading mixed (insecure) active content "http://domain.com/wp-includes/js/jquery/jquery-migrate.min.js" on a secure page
    But in page source, there lines like this:
    <script type='text/javascript' src='//domain.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1'></script>

    My setup is: AWS Load Balancer –> nginx –> apache2
    Having those lines in nginx config:

    proxy_set_header X-Forwarded-Proto https;
    proxy_pass_request_headers on;

    apache:
    SetEnvIf X-Forwarded-Proto https HTTPS=on
    wp-config.php

    if (stripos(get_option('siteurl'), 'https://') === 0) { $_SERVER['HTTPS'] = 'on'; }

define('FORCE_SSL_LOGIN', true);
define('FORCE_SSL_ADMIN', true);

    https://wordpress.org/plugins/ssl-insecure-content-fixer/

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author webaware

    (@webaware)

    8 years, 3 months ago

    G’day sfpguru,

    What do you get when you run the SSL Tests page?

    Tools > SSL Tests

    cheers,
    Ross

    Thread Starter sfpguru

    (@sfpguru)

    8 years, 3 months ago

    It shows me this with each of 5 methods of HTTPS detection

    “Your server environment shows this:

    error”

    Plugin Author webaware

    (@webaware)

    8 years, 3 months ago

    Is there anything logged in your website logs?

    Are you able to let me login to look? If so, please send login details via my support form (don’t post them here!)

    cheers,
    Ross

    Thread Starter sfpguru

    (@sfpguru)

    8 years, 3 months ago

    Very sorry, webaware, I can’t due to security policy of our company.
    You mean apache logs? Only this after I ran HTTPS Test:

    PHP Catchable fatal error: Object of class WP_Post could not be converted to string in /domain.com/wp-content/plugins/qtranslate/qtranslate_core.php on line 455

    Plugin Author webaware

    (@webaware)

    8 years, 3 months ago

    No worries.

    It sounds like something is causing some error messages to be dumped into the AJAX calls. That’s probably the problem with the Settings page at least. You can try adding this to the wp-config.php file to stop that:

    define('WP_DEBUG_DISPLAY', false);

    The message suggests that it’s qtranslate, but I just tried running that with the SSL Insecure Content Fixer and didn’t have a problem, so I don’t know what could be causing it.

    However, it should not be affecting the HTTPS test, which runs outside of WordPress. Can you see what the browser console shows in the AJAX response? Again, best to post it to my support form to keep it away from prying eyes.

    Generally, you might want to try adding these lines to your wp-config.php file to see if that lets WordPress know when it’s loading on HTTPS. If it doesn’t work, remove the lines again.

    if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
    $_SERVER['HTTPS'] = 'on';
}

    cheers,
    Ross

    Thread Starter sfpguru

    (@sfpguru)

    8 years, 3 months ago

    Doesn’t help. There still “error” in Tools page (with green tick after Tests Completed)

    Have you any suggestions how to solve this, Ross?

    cheers,
    Mike

    Plugin Author webaware

    (@webaware)

    8 years, 3 months ago

    Did you get the green tick before? The green tick says that WordPress can detect SSL. Has your problem with jQuery scripts been resolved now?

    The errors in the Tools > SSL Tests page probably means that you are blocking access to scripts running from within the plugins folders. That’s probably a security rule in your NginX or Apache config.

    That’s about all I can guess without seeing the website.

    cheers,
    Ross

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Still get mixed content with protocol relative URL’ is closed to new replies.