Mixed content warning

  • Unknown's avatar
    jordanmussi · Member ·

    Hello,

    We are rolling out HTTPS across our website and we are encountering an issue with the search form on the WordPress.com blog. Since the form points to http://blog.mybb.com/ visitors experience a mixed content warning when loading the blog over HTTPS. We were hoping that fixing this will also make the other internal links on the blog point to HTTPS as well.

    We’re hoping to get this sorted soon so any assistance you can provide will be greatly appreciated.

    Regards,
    Jordan Mussi
    On behalf of the MyBB Group

    The blog I need help with is: (visible only to logged in users)

  • kokkieh · Staff ·

    Hi there,

    Where exactly are visitors getting the mixed content warning? Your site at https://blog.mybb.com/ already has SSL enabled – all sites on WordPress.com has that by default – and I don’t see any mixed content warnings when I visit it. All internal links on that site should also automatically load over https, even if they were originally added as http.

  • Unknown's avatar
    jordanmussi · Member ·

    Hi kokkieh,

    Thanks for your response!

    In Google Chrome if you view the console there is a warning as the page includes a form pointing to HTTP. This is also indicated by not having the green lock in the address bar.

    The problem is this:
    <form role="search" method="get" id="searchform" class="searchform" action="http://blog.mybb.com/">

    Also, when you view the source code you can see internal links pointing to HTTP. (Less of an issue because we have HSTS enabled so modern browsers will perform an internal redirect to HTTPS before sending the request.)

  • kokkieh · Staff ·

    How exactly are you pointing your subdomain to us?

    You do have the mapping upgrade here, but it doesn’t look like your domain has a CNAME to point the subdomain to your WordPress.com URL, which means our redirects to https on your site won’t work as it’s not actually our mapping upgrade that’s connecting your domain her but something else, like a redirect at your domain registrar.

    As I said, we automatically add SSL to all sites hosted on WordPress.com, but if your domain is not pointed to us using the correct method, and if you’re trying to use SSL via a service like CloudFlare, our settings won’t work, which could be leading to the mixed content warnings you are seeing.

  • The topic ‘Mixed content warning’ is closed to new replies.