SSL-certificate; Green lock is sometimes not displaying - google-chrome

I have a website that has an SSL-certificate. When I enter the homepage everything is correct and a green lock is displayed in the url, see my website here.
The issue is that this lock is not being displayed on some pages. Here is an image of it.
How can I assure that the green lock is being displayed on ALL pages on the website?
I have noticed that when I insert the website that doesn't have the green look at first the look appears while the website is loading and after finished loading it disappears.
EDIT 1, the code below is used to re-write all URLS with www to "https://". This one I have implemented into my .htacess-file.
RewriteEngine On
# If not using www
RewriteCond %{HTTP_HOST} !^www.(.*)$ [NC]
RewriteCond %{HTTP:HTTPS} !on
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [R,L]
# If using www
RewriteCond %{HTTP_HOST} ^www.(.*)$ [NC]
RewriteCond %{HTTP:HTTPS} !on
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

Problem solved by using this plugin https://wordpress.org/support/plugin/wordpress-https
Can anyone sudgest me how to solve my problem without using the plugin maybe? Somehow some URLs are not being updated.... any idea on how to do it manually instead of using plugin?

My best guess would be that your page contains some non-https content.
Add Following meta value to your header. Basically it will force non HTTPS to use HTTPS secure connection url.
If you want to allow the Mixed Content request, then add the below tag into tag.
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
If you want to block then add the below tag into the tag
<meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">

Related

Firefox uses wrong urls

I coded a webpage. At all sites I have to include several files via HTML. These files are stylesheets, images, javascripts and so on.
My big problem is Firefox. If I open the main page (https://www.example.de/) in any browser everything works fine. If I open a subpage (https://www.example.de/sub_page) of the webpage in Microsoft Edge, Chrome, Safari and a few other browsers everything displays as it should. Only in Firefox the subpage completly displays incorrect. Over the network tab I found out that these files are not loaded, because Firefox uses wrong urls for the files I have to include.
For example:
Included JS:
<script src="./scripts/main.js"></script>
Expected example-URL (Used URL in all other browsers):
https://www.example.de/scripts/main.js
Used example-URL only by Firefox:
https://www.example.de/subpage/scripts/main.js
And that last one is a wrong url. The first one is correct.
The subpage file is in the same directory as the main site file and the main site file loads perfectly in Firefox with the same include-urls. So why only in Firefox the urls get like this at my subpage? Any help is highly appreciated. Please tell me if you need more examples or anything else.
EDIT:
The subpage is a single php file and not in a extra folder. .htaccess edits the urls on the whole site. It is looking like this:
RewriteEngine On
RewriteBase /
RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s([^.]+)\.php [NC]
RewriteRule ^ %1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^(.*?)/?$ $1.php [NC,L]
ErrorDocument 400 ./404.php
Best regards,
Filip.

Time gap between .favicon and all all other requests?

We're seeing a consistent pattern across speed tests on GT Metrix for a site where there is a 150-250ms gap between all resources loading and then the favicon request initializing. This is extending the fully loaded time.
Any ideas why this might be happenening?
Favicon is referenced in the head of the HTML file as follows:
<link rel="shortcut icon" type="image/x-icon" href="/favicon.ico">
The Drupal 7 .htaccess file refers to favicon as follows:
# Pass all requests not referring directly to files in the filesystem to
# index.php. Clean URLs are handled in drupal_environment_initialize().
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^ index.php [L]
Screenshot of waterfall (note gap between penultimate and last request):
This is because the favicon is not needed to actually render the page, only to display in the title bar, so browsers postpone downloading it.
(I'm curious myself if it can be force-loaded quicker, apparently it's not trivial at all, even with preload or http/2 push it would just be loaded twice)

HTTP iframe in an SSL encrypted page

I have a website (clubdivisionals.com) with an SSL certificate enabled. On the live stream page of my site, I tried embedding a Twitch.TV video feed and chat box. The video feed is a flash player that is served via HTTPS while the chat box is an iframe that does not have SSL encryption. By default, web browsers such as Chrome and Firefox block the chat box because it's an iframe using HTTP served on an HTTPS website. Obviously, the iframe is not serving malicious content, but the web browser doesn't know this.
Is there a way around this without telling users to load "unsafe script?"
EDIT: one solution I could picture is disabling HTTPS only on the live stream page. Is there a way to do this using .htaccess? I can also provide the code to my .htaccess if you need it.
EDIT: Here is a solution I discovered on my own by editing the .htaccess file to disable SSL on the live stream page:
RewriteEngine On
RewriteCond %{HTTPS} =on
RewriteRule ^livestream.php$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} !livestream.php [NC]
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
I'm not well versed in .htaccess's syntax, so please let me know if there is an issue with what I am doing or if there's a simpler way of doing it.
We do not have control on content inside iframe. I-frame URL must work on HTTPS, so chat box URL must adopt SSL. You may disable HTTPS on specific page only if your webpage not containing log-in, sign-up options.

remove .html with htaccess

I'm using my htaccess file to try to remove .html (and other if I need to) file extensions from my web URL's.
The problem is it doesn't seem to work unless I go through my links in the site and manually remove .html from all of them (which makes testing the site locally quite annoying and I'm not sure if I'm supposed to remove the .html file extension).
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.html -f
RewriteRule ^(.*)$ $1.html
This works if a user types in www.mysite.com/about instead of www.mysite.com/about.html, except when clicking through the links of my site it still adds the extension?
What's the best way to go about removing the .html, absolute links on my site with http://www.mysite.com/about etc or should I remove the extension and just have paths like ../about instead of ../about.html?
.htaccess file does not change your code so if you put the extension in your page (for links), you must remove it.

htaccess rewriting twice in CHROME

I have the following in my htaccess so i can access the page as via domain.com/whatever instead of domain.com/index.php/view/whatever. So this removes index.php/view from the URL. This is working fine in all browser except chrome. Chrome is rewriting the page twice. The way i noticed this is because i have a counter on the page. Everytime the page load, the counter gets incremented by 2. If i remove the rewrite rule then counter works properly and increments by 1. Why is the rewrite happening twice in chrome. Firefox and IE loads the page only once like it should.
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/view/$1 [L]
PS: view and whatever are neither files not folders. They are dynamically generated.
Nothing wrong with your htaccess. Make sure you have a valid favicon on your page. This drove me insane once and took me a while to figure out.
<link rel="shortcut icon" type="image/x-icon" href="/favicon.ico">