Mixed content / Optional use of HTTPS schema

  • My homepage is configured using SSL, i.e. use https: as a scheme instead of http:
    I do already automatically forward http: to https:, but I am striving for removing mixed content.

    Today, I noticed images using lazy loading, having the the following code: <img src=”data:image/svg+xml,%3Csvg%20xmlns=’https://www.w3.org/2000/svg’%20viewBox=’0%200%20104%2059’%3E%3C/svg%3E

    I know this is already stated in your documentation, but I only realized that when searching for the origin of the mixed content caused by the code above.

    I did really first suspect the WordPress theme causing the mixed content described above, but couldn’t find where in the theme’s code!
    I realized after several hours search that it’s the WP Rocket LazyLoad plugin that is causing the mixed content.

    I know you have suggesting a solution in your documentation, but the solution is not removing the cause, but rather providing a workaround.

    I would very much prefer, if you added a setting, where it could be possible to choose whether to use the http: or https: as the scheme.

    I have been using your plugin now for some time and I am grateful having access to plugin like the lazyLoad. I will however probably start searching for another plugin unless LazyLoad get native support of https:

    Best regards / Reynir.

    • This topic was modified 1 year, 7 months ago by reynir1.
Viewing 1 replies (of 1 total)
  • Plugin Contributor WP Rocket

    (@wp_rocket)

    Hi Reynir,
    I hope you are well!

    The Enable Lazyload option should not generate Mixed content, possibly the error is related to a second layer cache or some other configuration.

    I can’t review the code you shared because it’s restricted/blocked for my area.

    However, I suggest you start by reviewing the most basic configuration of your website. You can read some recommendations in the following article: https://docs.wp-rocket.me/article/314-using-ssl-with-wp-rocket

    In case you are on an Apache/LiteSpeed server you can also force HTTPS via htaccess.
    You would only have to add the following code at the beginning of the file:
    Header always set Content-Security-Policy "upgrade-insecure-requests;"
    If you have doubts about how to add it, I suggest you ask your server provider for help.

    I hope my answer solves your doubts, and you can solve the mixed content issue.



Viewing 1 replies (of 1 total)
  • The topic ‘Mixed content / Optional use of HTTPS schema’ is closed to new replies.