Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Mixed Content Page: requested an insecure stylesheet error

I have a website working on it. when i open any page with http:// protocol, every thing is loaded correctly, but when i try to load the page with https protocol, the page loaded but without css and javascript file.
The console shows the following errors.

Mixed Content: The page at 'https://www.example.com/index.php?main_page=login' was loaded over HTTPS, but requested an insecure stylesheet 'http://www.example.com/site_map.html'. This request has been blocked; the content must be served over HTTPS.

I figured that the problem is the browser can not load any css files when it requested by https protocol.
The problem is with htaccess file, because when i removed it, the css files loaded correctly.

The page and css files loaded to browser with https in their urls like this

<link rel="stylesheet" type="text/css" href="https://www.example.com/includes/templates/classic/css/style1.css"> <link rel="stylesheet" type="text/css" href="https://www.example.com/includes/templates/classic/css/style2.css"> 

when the browser tries to load the css files, it is redirected to

http://www.example.com/site_map.html   

How can i make htaccess allow https to open the css and js files in a specific folder?

Thanks

UPDATE The htaccess file content

RewriteEngine On RewriteCond %{SERVER_PORT} ^443$ RewriteRule (.*) http://www.example.com/$1  ############################################################################### # Common directives ############################################################################### # NOTE: Replace /shop/ with the relative web path of your catalog in the "Rewrite Base" line below:  Options +FollowSymLinks RewriteEngine on  RewriteCond %{HTTP_HOST} ^example\.com$ [NC] RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]  RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\ HTTP/ RewriteRule ^index\.php$ http://www.example.com/ [R=301,L]  #RewriteBase /  ############################################################################### # Start Ultimate SEO URLs ###############################################################################  # Original (unchanged) URL formats RewriteRule ^(.*)-p-([0-9]+)(.*)$ index\.php?main_page=product_info&products_id=$2&%{QUERY_STRING} [L] RewriteRule ^(.*)-c-(.*)-p(.*)\.html$ /index.php?main_page=$4&cPath=$2&sort=$5&page=$3 RewriteRule ^(.*)-c-([0-9_]+)(.*)$ index\.php?main_page=index&cPath=$2&%{QUERY_STRING} [L] RewriteRule ^(.*)-ez-(.*).html$ index.php?main_page=page&id=$2 [L]  # All other pages # Don't rewrite real files or directories RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ index\.php?main_page=$1&%{QUERY_STRING} [L]   # Block out any script trying to base64_encode data within the URL. RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR] # Block out any script that includes a <script> tag in URL. RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR] # Block out any script trying to set a PHP GLOBALS variable via URL. RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] # Block out any script trying to modify a _REQUEST variable via URL. RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) RewriteRule   index.html$  index.php [QSA]    # 480 weeks <FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$"> Header set Cache-Control "max-age=290304000, public" </FilesMatch>  # 2 DAYS <FilesMatch "\.(xml|txt)$"> Header set Cache-Control "max-age=172800, public, must-revalidate" </FilesMatch>  # 2 HOURS <FilesMatch "\.(html|htm)$"> Header set Cache-Control "max-age=7200, must-revalidate" </FilesMatch> # compress text, html, javascript, css, xml: AddOutputFilterByType DEFLATE text/plain AddOutputFilterByType DEFLATE text/html AddOutputFilterByType DEFLATE text/xml AddOutputFilterByType DEFLATE text/css AddOutputFilterByType DEFLATE application/xml AddOutputFilterByType DEFLATE application/xhtml+xml AddOutputFilterByType DEFLATE application/rss+xml AddOutputFilterByType DEFLATE application/javascript AddOutputFilterByType DEFLATE application/x-javascript  RewriteEngine on RewriteBase /  ErrorDocument 404 /index.php RewriteRule   index.html$  index.php [QSA] 
like image 919
Karim Harazin Avatar asked May 25 '15 09:05

Karim Harazin


People also ask

How do you fix insecure content was loaded over https but requested an insecure resource?

You are trying to access via "http" on a "https" site, its best to use "https" content. You shouldn't access insecure data on a secure channel. Sometimes just use 'http' instead of 'https' can solve this issue.


1 Answers

If you are able to serve CSS etc over HTTPS, the best solution is to use // as the scheme for asset URLs.

That means "use the same scheme (sometimes called protocol) as the parent document", i.e. use https if the page uses https. For example:

<link rel="stylesheet" href="//mysite.com/styles.css"> <script src="//mysite.com/app.js"></script> 
like image 94
joews Avatar answered Sep 19 '22 19:09

joews