Standard jQuery not using https

  • Resolved andrewpaulbowden

    (@andrewpaulbowden)


    8 years ago

    Hello

    Hoping someone will have an idea about this one. I have a WordPress network, and I’m trying to move one of the sites over to just use https for page calls. I’ve done this on some standalone WordPress sites and had no problems.

    However on this multisite I keep getting insecure content. On delving into it, I’ve noticed that WordPress is using non-SSL URLs for things like JQuery – i.e. it’s using https:// instead of https:// in the script calls. It’s not just jQuery – other scripts are affected that are either enqueued by directly by WordPress, or by a plugin.

    I can’t see any reason for this. The site URL is set in the database as https://. I am using the standard version of Jquery – not enqueing my own or anything like that. Gone through all the docs and can’t spot anything that gives an indication, so I’m a bit stuck. I could work round it, but I’d rather not put in a hack.

    If anyone’s got any ideas, I’d be very happy to hear them as it’s a blocker due to Firefox and Chrome filtering out non-secure content

Viewing 3 replies - 1 through 3 (of 3 total)
  • jkhongusc

    (@jkhongusc)

    I think it depends on how build your site. I know our web developers make sure all content uses protocol relative urls; so that none of our post/pages contains urls with http or https. Our sites run fine view in http or https.

    So if your site was created with absolute urls in it, you will have to go through all the content and change it from http to https. Usually this is done via plugin or database.

    webaware

    (@webaware)

    It sounds like you’re behind a reverse proxy — e.g. nginx. See here for some info:

    https://snippets.webaware.com.au/snippets/wordpress-is_ssl-doesnt-work-behind-some-load-balancers/

    You can install SSL Insecure Content Fixer to help diagnose the problem. It can also resolve it for you, or you can use the information from that plugin to work out what to add to your wp-config.php file to fix it permanently without a plugin. More info here:

    https://ssl.webaware.net.au/https-detection/

    cheers,
    Ross

    Thread Starter andrewpaulbowden

    (@andrewpaulbowden)

    Thanks for the replies. I tried SSL Insecure Content Fixer, but had no joy with that. I do use Cloudflare, and try to use relative URLs where I control them.

    However I managed to find the answer this morning. The answer was simply to add

    $_SERVER['HTTPS'] = 'on';

    to wp-config.php. Hey presto, solved. If I view the non secure version, the urls use http. If I view secure, https urls.

    I guess it’s a side effect of using Cloudflare.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Standard jQuery not using https’ is closed to new replies.