Browsers block mixed content preventing page editing

Permalink
Recently ran into this issue where I can no longer edit any blocks or load any page edit forms.

Edit block Issue: Browser debuggers are showing similar to the following (Chrome example):

Mixed Content: The page at 'https://www.example.com/' was loaded over HTTPS, but requested an insecure stylesheet 'http://www.example.com/themes/<theme_dir>/typography.css'. This request has been blocked; the content must be served over HTTPS.
m.create.setupIframe @ tiny_mce.js:1
tiny_mce.js:1

Load Form issue, when I try to load Page Properties via the Editor, (Chrome debugger) throws:
Mixed Content: The page at 'https://www.example.com/' was loaded over a secure connection, but contains a form which targets an insecure endpoint 'http://www.example.com/index.php?cID=1&ccm_token=1453713006:969465f2ffbcd64ecd3d88ca4ac6d7cb'. This endpoint should be made available over a secure connection.

In both cases above blocks and forms are grayed out.

Concrete5 version is 5.6.3.1. I've tried a few browsers (Chrome 48, Firefox 43, IE 11, Opera 34). The theme is not compatible with Concrete 5.7. The site uses Miser 1.9.3.

I've searched inside the code base and online for any pointers to resolving this issue without luck. I'm not a C5 developer but know how to edit the PHP code where these HTTP (non-secure) references are set if anyone here could steer me to the code containing the HTTPS protocol overide file(s).

Any help would be much appreciated.

View Replies: View Best Answer
jaffa replied on at Permalink Best Answer Reply
Just to close this issue, I found the mixed content solution in syborlab's answer in http://www.concrete5.org/community/forums/installation/redirect-pro...

site.php changed to...
define('BASE_URL', 'https://name.domain.org');
which causes a redirect loop, unless the following is also updated..
concrete/startup/url_check.php changed to
$protocol = 'https://';
dmeller replied on at Permalink Reply
Hi,

If anyone is still having issues like these, one thing to check is your webserver is making the https server variable available!

You can check by adding a php file with the following and hitting the file in your browser

<pre><!--make it pretty-->
<?php
//echo out the SERVER variable
print_r( $_SERVER ); 
?>
</pre>


You should see $_SERVER['https'] in the output. If not, you need to add it to your server header output.