search

themeum / kirki

Extending the customizer
https://kirki.org
MIT License
1.26k stars 329 forks source link

Mixed content error on post editing pages (admin) #2494

Open luis-movel opened 1 year ago

luis-movel commented 1 year ago

Issue description:

Error:

Mixed Content: The page at 'https://****.com.br' was loaded over HTTPS, but requested an insecure font 'http://***.com.br/?action=kirki-styles&editor=1&ver=4.0'. This request has been blocked; the content must be served over HTTPS.

It's happening on post editing pages (admin).

Important:

Consider that in this case the webserver doesn't have a SSL certificate and it's behind a load balancer that decrypt the HTTPS call. This load balancer is the location of our SSL certificate.

Because of this, it seems that the plugin is building the links without HTTPS. We think it would work properly if the links building were based on the $_SERVER['https'] variable.

The code snippet bellow is applied on wp-config.php to check and define the variable mentioned above.

/** Detect if SSL is used. This is required since we are terminating SSL either on CloudFront or on ELB */
$http_cloudfront_forwarded_proto = $_SERVER['HTTP_CLOUDFRONT_FORWARDED_PROTO'] ?? null;
$http_x_forwarded_proto = $_SERVER['HTTP_X_FORWARDED_PROTO'] ?? null;
if ($http_cloudfront_forwarded_proto == 'https' OR $http_x_forwarded_proto == 'https') {
    $_SERVER['HTTPS']='on';
}

Version used:

4.0.24

PHP error messages that might be related

Mixed Content: The page at 'https://****.com.br' was loaded over HTTPS, but requested an insecure font 'http://***.com.br/?action=kirki-styles&editor=1&ver=4.0'. This request has been blocked; the content must be served over HTTPS.

DeoThemes commented 1 year ago

Getting the same error. What is the solution?