(Related to another question in this forum, thought I’d try rephrasing and putting in the WordPress area…)
Trying to load WordPress site “domain.com” over SSL. Certificate is installed correctly, all links to graphics and other files are properly converted to urls with https except I get these errors:
[blocked] The page at https://domain.com/ ran insecure content from http://domain.com/?dynamic=css.
[blocked] The page at https://domain.com/ ran insecure content from http://domain.com/?dynamic=js.
The pertinent HTML is as follows:
<link rel="stylesheet" type="text/css" media="all" href="<?php bloginfo('url'); ?>/?dynamic=css" />
and
<script type="text/javascript" src="<?php bloginfo('url'); ?>/?dynamic=js"></script>
So it looks like I have a snag in loading dynamically-generated css or js over SSL. Debian/Apache2. Anyone know how to fix it? Thank you.
I haven’t seen any browser totally barf on insecure content, but IE will show a warning.
The solution is for every resource to load over SSL if HTTPS is specified.
One nifty protocol-agnostic technique is to simply write
//example.cominstead ofhttps://example.comorhttp://example.com. The protocol will be determined by whatever is currently in use.So if you are on
http://example.com/checkout/, then resources will usehttp://example.comas the base. If the connection is secure, resources will automagically point tohttps://example.comwithout any conditional code.In the WordPress admin panel, you can specify the URL which is returned by
bloginfo('url').Edit: there is a way to do this in the HTML directly. Change
bloginfo('url');tostr_replace('http:', '', bloginfo('url'));There is a plugin you can use to force assets to be fetched (per page) via SSL (https) here: http://wordpress.org/extend/plugins/wordpress-https/