Jump to content

Awful mixed content issues


Lukeroge

Recommended Posts

So I enabled my site for full https in addition to http, and the site can never manage to get the urls right. It seems most urls will change to HTTP or HTTPS, but a few don't seem to change properly based on what protocol the site was loaded as. Any modern script should support this properly.

Also, the system the script uses for guest caching results in another issue. If someone loads an HTTPS page, the script caches the result of that and serves the page with HTTPS urls in it to any non-HTTPS user who comes later, causing issues with cross-site requests and stopping things from loading correctly. This also works the other way, where if a page is loaded with HTTPS shortly after it was loaded with HTTP, it will break the page because all the URLs for CSS/etc are cached as the HTTP ones and will be blocked by the browser.

Link to comment
Share on other sites

You need to change your web server config so that any http requests are rewritten to https before they hit the forum. You want all users hitting the site with the same URL regardles of what they typed in the browser. Something like:

# Force https for all
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

 

Link to comment
Share on other sites

You need to change your web server config so that any http requests are rewritten to https before they hit the forum. You want all users hitting the site with the same URL regardles of what they typed in the browser. Something like:

# Force https for all
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

 

I know I could force global SSL, but I had hoped to not require that right yet. IPS4 really should be able to handle requests from both protocols without breaking the page.

Link to comment
Share on other sites

You're going to run into more problems if you continue allowing both http and https traffic, as you could end up with google indexing both as separate sites, and then potentially penalising you for duplicate content. Best practice is to have one or the other.

Link to comment
Share on other sites

You're going to run into more problems if you continue allowing both http and https traffic, as you could end up with google indexing both as separate sites, and then potentially penalising you for duplicate content. Best practice is to have one or the other.

I suppose I'll have to make up my mind then, haha. Thanks :)

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...