I have a website (clubdivisionals.com) with an SSL certificate enabled. On the live stream page of my site, I tried embedding a Twitch.TV video feed and chat box. The video feed is a flash player that is served via HTTPS while the chat box is an iframe that does not have SSL encryption. By default, web browsers such as Chrome and Firefox block the chat box because it's an iframe using HTTP served on an HTTPS website. Obviously, the iframe is not serving malicious content, but the web browser doesn't know this.
Is there a way around this without telling users to load "unsafe script?"
EDIT: one solution I could picture is disabling HTTPS only on the live stream page. Is there a way to do this using .htaccess? I can also provide the code to my .htaccess if you need it.
EDIT: Here is a solution I discovered on my own by editing the .htaccess file to disable SSL on the live stream page:
RewriteEngine On
RewriteCond %{HTTPS} =on
RewriteRule ^livestream.php$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} !livestream.php [NC]
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
I'm not well versed in .htaccess's syntax, so please let me know if there is an issue with what I am doing or if there's a simpler way of doing it.
We do not have control on content inside iframe. I-frame URL must work on HTTPS, so chat box URL must adopt SSL. You may disable HTTPS on specific page only if your webpage not containing log-in, sign-up options.
Related
I coded a webpage. At all sites I have to include several files via HTML. These files are stylesheets, images, javascripts and so on.
My big problem is Firefox. If I open the main page (https://www.example.de/) in any browser everything works fine. If I open a subpage (https://www.example.de/sub_page) of the webpage in Microsoft Edge, Chrome, Safari and a few other browsers everything displays as it should. Only in Firefox the subpage completly displays incorrect. Over the network tab I found out that these files are not loaded, because Firefox uses wrong urls for the files I have to include.
For example:
Included JS:
<script src="./scripts/main.js"></script>
Expected example-URL (Used URL in all other browsers):
https://www.example.de/scripts/main.js
Used example-URL only by Firefox:
https://www.example.de/subpage/scripts/main.js
And that last one is a wrong url. The first one is correct.
The subpage file is in the same directory as the main site file and the main site file loads perfectly in Firefox with the same include-urls. So why only in Firefox the urls get like this at my subpage? Any help is highly appreciated. Please tell me if you need more examples or anything else.
EDIT:
The subpage is a single php file and not in a extra folder. .htaccess edits the urls on the whole site. It is looking like this:
RewriteEngine On
RewriteBase /
RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s([^.]+)\.php [NC]
RewriteRule ^ %1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^(.*?)/?$ $1.php [NC,L]
ErrorDocument 400 ./404.php
Best regards,
Filip.
I am completely new writing in .htaccess format. First what I did was add this in for the removal of my .html extensions. I am doing all this in cPanel under the /public_html/ folder. I also moved my .htaccess file inside that folder.
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.html -f
RewriteRule ^(.*)$ $1.html
All my pages that I have up right now are working without the extensions, expect when I go back to my homepage. Originally index.html but now when I click the home button my url looks like http://allisonshtml.com/public_html
Really to me when I think about this, its kind of backwards because my website is inside the public_html folder.
I tried everything in my power to fix this. Please help or any feedback would be lovely!
Figured it out, my Google chrome wasn't rendering. Cleared the background data and waaalaa it worked.
I have a website that has an SSL-certificate. When I enter the homepage everything is correct and a green lock is displayed in the url, see my website here.
The issue is that this lock is not being displayed on some pages. Here is an image of it.
How can I assure that the green lock is being displayed on ALL pages on the website?
I have noticed that when I insert the website that doesn't have the green look at first the look appears while the website is loading and after finished loading it disappears.
EDIT 1, the code below is used to re-write all URLS with www to "https://". This one I have implemented into my .htacess-file.
RewriteEngine On
# If not using www
RewriteCond %{HTTP_HOST} !^www.(.*)$ [NC]
RewriteCond %{HTTP:HTTPS} !on
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [R,L]
# If using www
RewriteCond %{HTTP_HOST} ^www.(.*)$ [NC]
RewriteCond %{HTTP:HTTPS} !on
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
Problem solved by using this plugin https://wordpress.org/support/plugin/wordpress-https
Can anyone sudgest me how to solve my problem without using the plugin maybe? Somehow some URLs are not being updated.... any idea on how to do it manually instead of using plugin?
My best guess would be that your page contains some non-https content.
Add Following meta value to your header. Basically it will force non HTTPS to use HTTPS secure connection url.
If you want to allow the Mixed Content request, then add the below tag into tag.
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
If you want to block then add the below tag into the tag
<meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
I have two html pages on my webserver
www.example.com/desktop.html
www.example.com/mobile.html
In principle the content and functionality of both is the same, although markup is different (mobile.html being build on jquery mobile).
What I would like to do is serve all mobile visitors www.example.com/mobile.html if they're mobile, www.example.com/desktop.html otherwise but keep www.example.com in the address bar irrespective of device.
Additionally, once the visitor is on either page, I would like to provide a link to the other version and additionally store this preference in a cookie and serve it by default if/when they return in subsequent visits.
How can i do this?
I'd also like to take this opportunity to state how much I love stack overflow, it's solved so many of the issues which I encounter.
Thanks
Add this to your .htaccess file:
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} (android|avantgo|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge\ |maemo|midp|mmp|opera\ m(ob|in)i|palm(\ os)?|phone|p(ixi|re)\/|plucker|pocket|psp|symbian|treo|up\.(browser|link)|vodafone|wap|windows\ (ce|phone)|xda|xiino) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a\ wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r\ |s\ )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1\ u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp(\ i|ip)|hs\-c|ht(c(\-|\ |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac(\ |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt(\ |\/)|klon|kpt\ |kwc\-|kyo(c|k)|le(no|xi)|lg(\ g|\/(k|l|u)|50|54|e\-|e\/|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(di|rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-|\ |o|v)|zz)|mt(50|p1|v\ )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v\ )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-|\ )|webc|whit|wi(g\ |nc|nw)|wmlb|wonu|x700|xda(\-|2|g)|yas\-|your|zeto|zte\-) [NC]
RewriteRule ^$ /mobile.html [L]
RewriteRule ^$ /desktop.html [L]
I snagged the %{HTTP_USER_AGENT} matches from that link in Rob W's comment. You may want to revise it or try to find a more complete one on google somewhere. This essentially checks if the user-agent is a mobile one, and if so, rewrite the / request internally to /mobile.html, otherwise it rewrites it to /desktop.html. Since this is an internal rewrite, the URL Location bar on the browser remains www.example.com.
I'm using my htaccess file to try to remove .html (and other if I need to) file extensions from my web URL's.
The problem is it doesn't seem to work unless I go through my links in the site and manually remove .html from all of them (which makes testing the site locally quite annoying and I'm not sure if I'm supposed to remove the .html file extension).
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.html -f
RewriteRule ^(.*)$ $1.html
This works if a user types in www.mysite.com/about instead of www.mysite.com/about.html, except when clicking through the links of my site it still adds the extension?
What's the best way to go about removing the .html, absolute links on my site with http://www.mysite.com/about etc or should I remove the extension and just have paths like ../about instead of ../about.html?
.htaccess file does not change your code so if you put the extension in your page (for links), you must remove it.