bramus / mixed-content-scan

Scan your HTTPS-enabled website for Mixed Content
MIT License
522 stars 51 forks source link

Sourced content (http or https) should never warn or error if it's prefixed by the top-level site URL #60

Open rklrkl opened 7 years ago

rklrkl commented 7 years ago

I want to use mixed-content-scan on http-only WordPress sites before I convert them to https. WordPress infuriatingly uses absolute URLs for its own internal links (e.g. for its own CSS, JS, images) and mixed-content-scan seems to pick up all these http:// internal links as warnings/errors.

I tried putting just ^{$rooturl} in ignorepatterns/wordpress.txt (and pointed --ignore= to that file), but mixed-content-scan still kept reporting the absolute-but-internal http:// URLs as warnings/errors.

mixed-content-scan should probably never warn/error on a sourced URL that is prefixed with the site URL that's passed to the script since that's actually an internal URL that will become https://-prefixed when I do the "usual" DB search-replace on the WordPress http site to convert the site to https. Yes, I've complained bitterly to the WP devs that they use absolute URLs for internal sourcing/linking but they just stick their fingers in their ears and ignore me :-(