Links to pdf files not working on W10 Chrome

[uildriks]

To reproduce, in a browser goto https://duurzaam66.nl/wp-content/uploads/bp-attachments/2691/Advies-WEK-RES-voor-lokale-VKPs.pdf To enter: user=daan, pw=m This opens: https://duurzaam66.nl/docs/advies-grootschalige-energieopwekking-t-b-v-lokale-verkiezingsprogrammas/ Next, try open the Bijlage link Advies-WEK-RES-voor-lokale-VKPs.pdf result: pdf downloads in Edge or FireFox, it does not in Chrome 91.0.4472.124 (64-bit)

[dcavins]

The console shows the following error: Mixed Content: The site at 'https://duurzaam66.nl/' was loaded over a secure connection, but the file at 'https://duurzaam66.nl/docs/advies-grootschalige-energieopwekking-t-b-v-lokale-verkiezingsprogrammas/?bp-attachment=Advies-WEK-RES-voor-lokale-VKPs.pdf' was redirected through an insecure connection. This file should be served over HTTPS. This download has been blocked. See https://blog.chromium.org/2020/02/protecting-users-from-insecure.html for more details.

The request for that file follows this path https://duurzaam66.nl/wp-content/uploads/bp-attachments/2691/Advies-WEK-RES-voor-lokale-VKPs.pdf (302) http://duurzaam66.nl/docs/advies-grootschalige-energieopwekking-t-b-v-lokale-verkiezingsprogrammas/?bp-attachment=Advies-WEK-RES-voor-lokale-VKPs.pdf (307) Then finally arrives at https://duurzaam66.nl/docs/advies-grootschalige-energieopwekking-t-b-v-lokale-verkiezingsprogrammas/?bp-attachment=Advies-WEK-RES-voor-lokale-VKPs.pdf (200)

The issue is probably that your site has the http version of the site address stored as the "WordPress Address (URL)" or "Site Address (URL)". You can change this by visiting WP Admin > Settings > General and making sure that the URLs for your site are the https version. If that is not the case, check how you are enabling SSL on your site--the https version must be canonical and not a redirect from the http version.

[uildriks]

Hi David, thank you for looking into this. I checked, the WordPress Address and Site Address are both https, so this does not cause the problem. However, I will contact my webhost about the Mixed Content, may well be something in his routing. I will let you know when I have contacted him.

[uildriks]

Hi David. I've been looking into your second advice 'check how you are enabling SSL on your site--the https version must be canonical and not a redirect from the http version.' I've been looking around the web hoster control panel (ISPManager), notably the pages on SSL, but could not find a place where to do this. I also asked my ISP service desk but they did not know what such settings are about. Maybe you can give me a further hint? On the positive side, I did find a peculiar but also significant workaround: when on the Edit tab (note: it may be called different, I'm Dutch) I change the Access >'Who can read this document' from 'Members of the xxx group' to 'Everyone' the problem disappears and it becomes accesible also on Chrome. Apparently in such case the routing changes, does that make sense to you? For further testing I give two urls: 1. one that gives the problem on Chrome, the other 2. with the workaround.

1. https://duurzaam66.nl/wp-content/uploads/bp-attachments/2344/leidraad-landbouw-voedsel-en-biodiversiteit-v3.pdf
2. https://duurzaam66.nl/wp-content/uploads/bp-attachments/2592/Circulaire-Economie-voor-lokale-overheden-V1.5.pdf
3. https://duurzaam66.nl/docs/advies-grootschalige-energieopwekking-t-b-v-lokale-verkiezingsprogrammas/?bp-attachment=Advies-WEK-RES-voor-lokale-VKPs.pdf Note that 3. is one that originally gave problems, but after switching Access a few times back and forth it now is generally available. Interestingly the file now is placed in /docs/ as opposed to 1. and 2. in wp-content/uploads/

[dcavins]

Hi @uildriks,

Right, only files attached to private docs (those that have restricted access so that "everyone" cannot see them) use the file protection scheme. Files attached to public docs are accessible via their public URL. Files attached to private docs are protected via .htaccess rules and served using php once the user's access has been checked.

If there weren't an http -> https rewrite happening on your site, the network flow would be

https://duurzaam66.nl/wp-content/uploads/bp-attachments/2691/Advies-WEK-RES-voor-lokale-VKPs.pdf (302) https://duurzaam66.nl/docs/advies-grootschalige-energieopwekking-t-b-v-lokale-verkiezingsprogrammas/?bp-attachment=Advies-WEK-RES-voor-lokale-VKPs.pdf (200)

and Chrome wouldn't complain--and the file would be served successfully. We are using Apache redirects to protect the doc, and sending the request to RewriteBase /docs/{doc-title}/ which should end up at https://your-site if your site is set up with https as its primary protocol.

[uildriks]

Hi David, just a short note that the problem disappeared after I moved to another host. Apparently the previous host had some http redirects under the hood which they did not acknowledge. Anyway, all is fine now, thanks for a great plug-in! Regards, Mark