Browsers block mixed content preventing page editing
Edit block Issue: Browser debuggers are showing similar to the following (Chrome example):
Mixed Content: The page at 'https://www.example.com/' was loaded over HTTPS, but requested an insecure stylesheet 'http://www.example.com/themes/<theme_dir>/typography.css'. This request has been blocked; the content must be served over HTTPS.
m.create.setupIframe @ tiny_mce.js:1
Load Form issue, when I try to load Page Properties via the Editor, (Chrome debugger) throws:
Mixed Content: The page at 'https://www.example.com/' was loaded over a secure connection, but contains a form which targets an insecure endpoint 'http://www.example.com/index.php?cID=1&ccm_token=1453713006:969465f2ffbcd64ecd3d88ca4ac6d7cb'. This endpoint should be made available over a secure connection.
In both cases above blocks and forms are grayed out.
Concrete5 version is 188.8.131.52. I've tried a few browsers (Chrome 48, Firefox 43, IE 11, Opera 34). The theme is not compatible with Concrete 5.7. The site uses Miser 1.9.3.
I've searched inside the code base and online for any pointers to resolving this issue without luck. I'm not a C5 developer but know how to edit the PHP code where these HTTP (non-secure) references are set if anyone here could steer me to the code containing the HTTPS protocol overide file(s).
Any help would be much appreciated.
site.php changed to...
which causes a redirect loop, unless the following is also updated..
concrete/startup/url_check.php changed to
$protocol = 'https://';
If anyone is still having issues like these, one thing to check is your webserver is making the https server variable available!
You can check by adding a php file with the following and hitting the file in your browser
<pre><!--make it pretty--> <?php //echo out the SERVER variable print_r( $_SERVER ); ?> </pre>
You should see $_SERVER['https'] in the output. If not, you need to add it to your server header output.