Mixed Content: The page at 'https://****.com.br' was loaded over HTTPS, but requested an insecure font 'http://***.com.br/?action=kirki-styles&editor=1&ver=4.0'. This request has been blocked; the content must be served over HTTPS.
It's happening on post editing pages (admin).
Important:
Consider that in this case the webserver doesn't have a SSL certificate and it's behind a load balancer that decrypt the HTTPS call. This load balancer is the location of our SSL certificate.
Because of this, it seems that the plugin is building the links without HTTPS. We think it would work properly if the links building were based on the $_SERVER['https'] variable.
The code snippet bellow is applied on wp-config.php to check and define the variable mentioned above.
/** Detect if SSL is used. This is required since we are terminating SSL either on CloudFront or on ELB */
$http_cloudfront_forwarded_proto = $_SERVER['HTTP_CLOUDFRONT_FORWARDED_PROTO'] ?? null;
$http_x_forwarded_proto = $_SERVER['HTTP_X_FORWARDED_PROTO'] ?? null;
if ($http_cloudfront_forwarded_proto == 'https' OR $http_x_forwarded_proto == 'https') {
$_SERVER['HTTPS']='on';
}
Version used:
4.0.24
PHP error messages that might be related
Mixed Content: The page at 'https://****.com.br' was loaded over HTTPS, but requested an insecure font 'http://***.com.br/?action=kirki-styles&editor=1&ver=4.0'. This request has been blocked; the content must be served over HTTPS.
Issue description:
Error:
Mixed Content: The page at 'https://****.com.br' was loaded over HTTPS, but requested an insecure font 'http://***.com.br/?action=kirki-styles&editor=1&ver=4.0'. This request has been blocked; the content must be served over HTTPS.
It's happening on post editing pages (admin).
Important:
Consider that in this case the webserver doesn't have a SSL certificate and it's behind a load balancer that decrypt the HTTPS call. This load balancer is the location of our SSL certificate.
Because of this, it seems that the plugin is building the links without HTTPS. We think it would work properly if the links building were based on the $_SERVER['https'] variable.
The code snippet bellow is applied on wp-config.php to check and define the variable mentioned above.
Version used:
4.0.24
PHP error messages that might be related
Mixed Content: The page at 'https://****.com.br' was loaded over HTTPS, but requested an insecure font 'http://***.com.br/?action=kirki-styles&editor=1&ver=4.0'. This request has been blocked; the content must be served over HTTPS.