I have set my website to force https access via htaccess.
The main site is working normal
But the blog (that is located at one of the main site folder's azaz.com.br/blog) is desconfiguring only on HTTPS.
I dont know why and how to solve this, so I appreciate any help
Thanks in advance
In your <head>, you are getting your files using http:// not https://. According to the developer tools on Google Chrome it says:
Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure script '<URL>'. This request has been blocked; the content must be served over HTTPS.
Google and most browser don't like this because they think that you are getting files from an unsafe file server.
Related
So I'm pretty familiar with html, css and java Script. And this moving company I work for wanted to know if I could fix this unsecured link in there html. I used Why no Padlock? and found that this link in the head tags is unsecure
https://www.whynopadlock.com/results/bcfb1f57-2f59-4787-8979-24beea641fe0
You can see that it's using http. Would making it https fix the issue or break the link?
Test result:
A file with an insecure url of "http://fonts.googleapis.com/css?family=Open+Sans:400,300,600,700,800&subset=latin,latin-ext" was loaded on line: 20 of your site.
This URL will need to be updated to use a secure URL for your padlock to return.
I just had a look at your test results, it basically says that you include a google fonts stylesheet. Update that <link to use https:// and you should be good.
Making it https:// will make your site inaccessible if you haven't obtain what is called SSL for your domain.
To fix that, obtain a SSL certificate for your website and the site will be served with https:// even when accessed with http://
I'm entirely new to GitHub and I am facing some problems while trying to create my first project.
I am using GitHub (username.github.io) to preview (live). But locally my work is well but not in Github pages.
In Github pages, it doesn't work any CSS, js, or my style. All of my CSS, js, and style all in the index.html page. If I go to page source it shows all code but not work!
What I do for showing actual(like as localhost)?
The link is given below. Please see and tell me what I do?
https://mostafizur67.github.io
The browser console shows that your external resources are blocked:
(index):8 Mixed Content: The page at 'https://mostafizur67.github.io/' was loaded over HTTPS, but requested an insecure stylesheet 'http://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css'. This request has been blocked; the content must be served over HTTPS.
(index):1 Mixed Content: The page at 'https://mostafizur67.github.io/' was loaded over HTTPS, but requested an insecure script 'http://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js'. This request has been blocked; the content must be served over HTTPS.
(index):13 Mixed Content: The page at 'https://mostafizur67.github.io/' was loaded over HTTPS, but requested an insecure stylesheet 'http://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.3/css/font-awesome.min.css'. This request has been blocked; the content must be served over HTTPS.
Try loading the external resources using https instead of http.
Actually not a Git question, it's really an HTML/CSS one.
You have links to http resources in an https page, and browsers do not like this. Prefer links like //example.com/path/to/file to http://example.com/path/to/file to let your browser pick the right protocol.
To debug this kind of issues, use the webmaster tools provided with your browser. For example, with Firefox, Right-click anywhere on page -> Inspect element. The console shows the errors.
In my HTTPS enabled site I have added an iframe that should show content from my other site, but it is not working under https.
<iframe src="//myothersite.com"></iframe>
In Firefox latest version everything works good.
In Chrome, the iframe isn't loaded and in the console I see these two errors
Mixed Content: The page at 'https://mysite' was loaded over HTTPS, but requested an insecure resource 'http://myothersite.com'.
This request has been blocked; the content must be served over HTTPS.
Failed to load resource: net::ERR_CACHE_MISS
In IE content load incorrectly and I see an alert message; if I click Allow Insecure Content, it loads correctly.
The question is: how I can do that IE and Chrome as in Firefox (load mixed content without any alerts)?
Note: I haven't changed any browser settings.
Actually Firefox has started to do the same: How to fix a website with blocked mixed content
It makes sense. If the user access a site using HTTPS is expecting to have a secured experience, and he may not be aware of parts of the application loading under not secure connections. That is the reason why the browser blocks such inconsistency.
You will need to provide HTTPS on myothersite.com.
Obviously it's best not to have mixed content to prevent MITM attacks but for those who can't control the url this should do the trick:
Change the src="http://linkToUrl.com" to
src="//linkToUrl.com/script.js"
enter image description here
when i set the url :
from a https request, it report error :
Mixed Content: The page at 'https://127.0.0.1/index.html' was loaded over HTTPS, but requested an insecure resource 'http://127.0.0.1:8080/download/1.txt'.
This request has been blocked; the content must be served over HTTPS.
Failed to load resource: net::ERR_CACHE_MISS
when i added the target="_blank" to the url: <a target="_blank" href="http://127.0.0.1:8080/download/1.txt">, it works! , it works!
it's well known that target="_blank" means opening the linked document in a new window or tab or a new request!
I'm sorry this isn't as technical as the other answers, but I had the same problem linking jsquery like this, and for me it fixed just by changing http:// to https://. It may not work, but it worked for me and it might work for you.
Problem is mixed content, the browser won't allow us to just do that.
You need change url from:
http://example.com
to
//example.com
I'm having other complication with CloudFlare, it doesn't load as the file has been cached as http. Just go to CloudFlare and "Purge Everything" in cache tab, or else turn on "Development Mode".
I'm developing a website and get the webpage linked here. The problem is that the webpage is not rendered with the styles.
But when I open its source and copy it to a new file on my desktop, the style is now rendered approppriately. I couldn't figure out why it doesn't work on the secure connection. Any ideas?
From my browser's error console:
[blocked] The page at 'https://secure.nesinvakfi.org/nesinyayinevi/test.html' was loaded over HTTPS, but ran insecure content from 'http://www.nesinyayinevi.com/bootstrap/css/nybs.css': this content should also be loaded over HTTPS.
If you are going to use HTTPS, then use it everywhere in the page. Don't inject insecure content into the page, it makes using HTTPS pointless.
Open the console to see all sorts of errors:
The page at 'https://secure.nesinvakfi.org/nesinyayinevi/test.html' was loaded over HTTPS, but displayed insecure content from 'http://www.nesinyayinevi.com/bootstrap/img/grid-18px-masked.png': this content should also be loaded over HTTPS.
Failed to load resource: the server responded with a status of 404 (Not Found) https://secure.nesinvakfi.org/nesinyayinevi/resimler/english.jpg
In the first case, the scheme of the requested URL and the scheme of included resources need to match. Use https://www.nesinyayinevi.com You could also use //www to have the scheme automatically match that of the requested page, but since this is secure.nesinvakfi I have to imagine that it's going to be https.
If you can't use https for nesinyayinevi.com, then you're going to have to copy the resources over or otherwise proxy them through https.
As for the 404 errors, it seems like you are using a relative path like bootstrap/js, but these are for the wrong domain. You need to use the domain absolute path of https://nesinyayinevi.com like you are doing for the CSS files.
I have an application that uses Google Drive for document storage and preview functionality, but recently the iFrames that the documents are loading into are not displaying anything. Upon inspection of the console, Chrome declares that it blocked the fram from running insecure content, and that is why the file preview did not load.
The initial call to preview this file is to a url that looks like this:
https://docs.google.com/document/d//preview
There is a redirect along the way that takes the following form but because it uses http instead of https, Chrome blocks the content from loading.
http://www.google.com/url?sa=p&q=https://www.google.com/accounts/ServiceLogin?service%3Dwise%26passive%3Dtrue%26go%3Dtrue%26continue%3Dhttps://docs.google.com/document/d//preview?pref%253D2%2526pli%253D1
Is there any way around this issue? It is blocking a core functionality of my application currently, so any advice would be appreciated. I can provide a screenshot of the full stack of network loads in necessary, but this is the only URL that is not http compliant.
Thanks in advance for your help.
Hacked that. Add a "?pli=1" without quotes at the end of the URL to avoid redirect (after "/preview" or "/edit") and land directly to the document.