I just enabled
force_https on my Discourse installation. The https termination is handled by a reverse proxy in front of it. Enabling
force_https switches most of Discourse’s internal links to https, but not those for already existing images and specifically favicons and logo. Now accessing my site over https causes a mixed content warning due to the non-https images being included.
The links can be made to be https by re-uploading the images or by executing
SiteIconManager.ensure_optimized! from the rails console, so apparently the link is being cached somewhere and not updated when
force_https is changed.
Discourse should update the links to its uploaded images (and probably all uploads) when
force_https is toggled. Or even better would be to not include the scheme in those links, though I don’t know if that is possible.