I have a website working on it. when i open any page with http:// protocol, every thing is loaded correctly, but when i try to load the page with https protocol, the page loaded but without css and javascript file.
The console shows the following errors.
Mixed Content: The page at 'https://www.example.com/index.php?main_page=login' was loaded over HTTPS, but requested an insecure stylesheet 'http://www.example.com/site_map.html'. This request has been blocked; the content must be served over HTTPS.
I figured that the problem is the browser can not load any css files when it requested by https protocol.
The problem is with htaccess file, because when i removed it, the css files loaded correctly.
The page and css files loaded to browser with https in their urls like this
<link rel="stylesheet" type="text/css" href="https://www.example.com/includes/templates/classic/css/style1.css"> <link rel="stylesheet" type="text/css" href="https://www.example.com/includes/templates/classic/css/style2.css">
when the browser tries to load the css files, it is redirected to
http://www.example.com/site_map.html
How can i make htaccess allow https to open the css and js files in a specific folder?
Thanks
UPDATE The htaccess file content
RewriteEngine On RewriteCond %{SERVER_PORT} ^443$ RewriteRule (.*) http://www.example.com/$1 ############################################################################### # Common directives ############################################################################### # NOTE: Replace /shop/ with the relative web path of your catalog in the "Rewrite Base" line below: Options +FollowSymLinks RewriteEngine on RewriteCond %{HTTP_HOST} ^example\.com$ [NC] RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L] RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\ HTTP/ RewriteRule ^index\.php$ http://www.example.com/ [R=301,L] #RewriteBase / ############################################################################### # Start Ultimate SEO URLs ############################################################################### # Original (unchanged) URL formats RewriteRule ^(.*)-p-([0-9]+)(.*)$ index\.php?main_page=product_info&products_id=$2&%{QUERY_STRING} [L] RewriteRule ^(.*)-c-(.*)-p(.*)\.html$ /index.php?main_page=$4&cPath=$2&sort=$5&page=$3 RewriteRule ^(.*)-c-([0-9_]+)(.*)$ index\.php?main_page=index&cPath=$2&%{QUERY_STRING} [L] RewriteRule ^(.*)-ez-(.*).html$ index.php?main_page=page&id=$2 [L] # All other pages # Don't rewrite real files or directories RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ index\.php?main_page=$1&%{QUERY_STRING} [L] # Block out any script trying to base64_encode data within the URL. RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR] # Block out any script that includes a <script> tag in URL. RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR] # Block out any script trying to set a PHP GLOBALS variable via URL. RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] # Block out any script trying to modify a _REQUEST variable via URL. RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) RewriteRule index.html$ index.php [QSA] # 480 weeks <FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$"> Header set Cache-Control "max-age=290304000, public" </FilesMatch> # 2 DAYS <FilesMatch "\.(xml|txt)$"> Header set Cache-Control "max-age=172800, public, must-revalidate" </FilesMatch> # 2 HOURS <FilesMatch "\.(html|htm)$"> Header set Cache-Control "max-age=7200, must-revalidate" </FilesMatch> # compress text, html, javascript, css, xml: AddOutputFilterByType DEFLATE text/plain AddOutputFilterByType DEFLATE text/html AddOutputFilterByType DEFLATE text/xml AddOutputFilterByType DEFLATE text/css AddOutputFilterByType DEFLATE application/xml AddOutputFilterByType DEFLATE application/xhtml+xml AddOutputFilterByType DEFLATE application/rss+xml AddOutputFilterByType DEFLATE application/javascript AddOutputFilterByType DEFLATE application/x-javascript RewriteEngine on RewriteBase / ErrorDocument 404 /index.php RewriteRule index.html$ index.php [QSA]
You are trying to access via "http" on a "https" site, its best to use "https" content. You shouldn't access insecure data on a secure channel. Sometimes just use 'http' instead of 'https' can solve this issue.
If you are able to serve CSS etc over HTTPS, the best solution is to use //
as the scheme for asset URLs.
That means "use the same scheme (sometimes called protocol) as the parent document", i.e. use https
if the page uses https
. For example:
<link rel="stylesheet" href="//mysite.com/styles.css"> <script src="//mysite.com/app.js"></script>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With