pagespeed convert image to webp but use not secure protocol (http) - google-chrome

Chrome Mixed Content Message
My site was enabled nginx pagespeed module and all resources are loaded in https but webp url ( created by pagespeed ) is in http. I got a not-secure notice from Chrome brower. How to fix it?
Mixed Content: The page at 'https://interview.tw/c/QHkN' was loaded over HTTPS, but requested an insecure image 'http://assets.interview.tw/images/xmask.jpg.pagespeed.ic.yjlu3AxgW4.webp'. This content should also be served over HTTPS.

I found out that ModPagespeedFetchHttps enable fix this problem.
So put it on your pagespeed.conf file, clean the pagespeed cache (sudo touch /var/cache/mod_pagespeed/cache.flush) and restart Apache.
Good luck.

Related

Webpage desconfiguring on https access

I have set my website to force https access via htaccess.
The main site is working normal
But the blog (that is located at one of the main site folder's azaz.com.br/blog) is desconfiguring only on HTTPS.
I dont know why and how to solve this, so I appreciate any help
Thanks in advance
In your <head>, you are getting your files using http:// not https://. According to the developer tools on Google Chrome it says:
Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure script '<URL>'. This request has been blocked; the content must be served over HTTPS.
Google and most browser don't like this because they think that you are getting files from an unsafe file server.

Insecure "video" over HTTPS

I have a site that is loading over HTTPS.
I have a HTML5 audio element on that site (currently a fallback for a Flash player), that is loading a Shoutcast URL. The Shoutcast URL is loading using a regular HTTP URL, because it doesn't seem to work using HTTPS.
However, Chrome is showing that the page includes elements that aren't secure, and when I check he console, I see this message:
Mixed Content: The page at 'https://mysite.com/' was loaded over HTTPS, but requested an insecure video 'http://shoutcasturl.com:8000/;'. This content should also be served over HTTPS.
Is there any way to get rid of the error in Chrome, so that the site shows up as fully secure, without any errors?
Shoutcast doesn't seem to work over HTTPS, though I don't think there's a certificate on that server for that FQDN anyway, but it doesn't seem like that adding a SSL certificate to the Shouutcast server will change anything.
Any ideas?
Thanks!
The only way to get rid of this warning is to load all external resources from secure locations. Since Shoutcast doesn't support SSL, your site will not be fully secure as long as you are loading assets directly from them.
See this question for some fairly complicated suggestions on getting around the issue.

Mixed content in Chrome and IE

In my HTTPS enabled site I have added an iframe that should show content from my other site, but it is not working under https.
<iframe src="//myothersite.com"></iframe>
In Firefox latest version everything works good.
In Chrome, the iframe isn't loaded and in the console I see these two errors
Mixed Content: The page at 'https://mysite' was loaded over HTTPS, but requested an insecure resource 'http://myothersite.com'.
This request has been blocked; the content must be served over HTTPS.
Failed to load resource: net::ERR_CACHE_MISS
In IE content load incorrectly and I see an alert message; if I click Allow Insecure Content, it loads correctly.
The question is: how I can do that IE and Chrome as in Firefox (load mixed content without any alerts)?
Note: I haven't changed any browser settings.
Actually Firefox has started to do the same: How to fix a website with blocked mixed content
It makes sense. If the user access a site using HTTPS is expecting to have a secured experience, and he may not be aware of parts of the application loading under not secure connections. That is the reason why the browser blocks such inconsistency.
You will need to provide HTTPS on myothersite.com.
Obviously it's best not to have mixed content to prevent MITM attacks but for those who can't control the url this should do the trick:
Change the src="http://linkToUrl.com" to
src="//linkToUrl.com/script.js"
enter image description here
when i set the url :
from a https request, it report error :
Mixed Content: The page at 'https://127.0.0.1/index.html' was loaded over HTTPS, but requested an insecure resource 'http://127.0.0.1:8080/download/1.txt'.
This request has been blocked; the content must be served over HTTPS.
Failed to load resource: net::ERR_CACHE_MISS
when i added the target="_blank" to the url: <a target="_blank" href="http://127.0.0.1:8080/download/1.txt">, it works! , it works!
it's well known that target="_blank" means opening the linked document in a new window or tab or a new request!
I'm sorry this isn't as technical as the other answers, but I had the same problem linking jsquery like this, and for me it fixed just by changing http:// to https://. It may not work, but it worked for me and it might work for you.
Problem is mixed content, the browser won't allow us to just do that.
You need change url from:
http://example.com
to
//example.com
I'm having other complication with CloudFlare, it doesn't load as the file has been cached as http. Just go to CloudFlare and "Purge Everything" in cache tab, or else turn on "Development Mode".

rtmpt(e) stream on SSL Page

I'm developing audio streaming web service for PC browsers.
We want to use rtmpt(e) protocol for streaming with Flash plugin.
Main HTML page has https:// URL.
The problem is, when our SWF try to connect streaming server (via HTTP tunnelling), some browser (i.e. Chrome) shows warning on the secure icon in the URL bar:
Your connection to ???.???.com is encrypted with 128-bit
encryption. However, this page includes other resources which are not
secure. These resources can be viewed by others while in transit, and
can be modified by an attacker to change the look of the page.
and on the developer console:
The page at 'https://***.***.com/' was loaded over HTTPS, but displayed insecure content from 'http://stream.***.net/fcs/ident2': this content should also be loaded over HTTPS.
The page at 'https://***.***.com/' was loaded over HTTPS, but displayed insecure content from 'http://***.***.***.113/open/1': this content should also be loaded over HTTPS.
...
I think this is because Flash uses Browser's URL loading facility when accessing HTTP.
How can I avoid these warnings?
We don't want to use rtmp(e) because 1935 may be blocked by firewall on user environment, nor rtmps because our streaming server doesn't support it.
And We don't want to use http:// for main HTML because of requirement.
How can I avoid these warnings?
Fix the Mixed Content. Load everything over HTTPS.

Embedding doesn't work with django-embed-video on HTTPS site

I am using django-embed-video to embed videos from YouTube and Vimeo on my site. It works quite fine. But now I switched to https and videos suddenly stopped to work. Have you any idea why?
Output from pip freeze
Django==1.5
distribute==0.6.34
django-embed-video==0.5
wsgiref==0.1.2
in console log I have had:
[blocked] The page at 'https://localhost:8000/articles/my-test/' was loaded over HTTPS, but ran insecure content from 'http://www.youtube.com/embed/g9fHqTOYpm4?wmode=opaque': this content should also be loaded over HTTPS.
Upgrade django-embed-video.
Support for HTTPS sites has been added in version 0.7. You can read more about this problem in issue in Github repository.