After enabling WP-Discourse plugin, I found comments from Discourse caused my WP site mix-content problem: All the avatars were loaded through HTTP instead of HTTPS.
I tried to fix it myself. And after reading the WP-discourse plugin code, I found the HTTP image URLs are stored in wp_postmeta with meta_key
discourse_comments_raw. And this value is got from https://my.discourse.site/t/topic/20/wordpress.json
I found this JSON file responded with HTTP images URLs instead of HTTPS. But my whole Discourse site is transferred through HTTPS.(Though I noticed that it also sometimes get mix-content problem too)
The possible reason for this is that I used HTTP from the very beginning and later changed to HTTPS and some settings seems not changed…
Can anybody tell me how to fix this?
By the way, I add SSL by assigning certification to outer Nginx. Guess I have to specify using HTTPS in settings somewhere…
It seems that the image URLs returned from your Discourse forum are http. I’ll see if there’s anything that can be done on the WordPress end to deal with that.
The problem fixed after I enabling force HTTPS in Discourse. Add an option on the WordPress end will be good though.
BTW, even if my post published to Discourse only has a link (followed instruction on WP Discourse template customization). There is still a “show full post” button under the Onebox. And if I click it the link will expand to a full article in plain text. This is not good. I’m a freshman to Discourse. Is this how Discourse treat external links?
You can remove this on Discourse by unselecting the ‘embed truncate’ setting. There is a description of how to do this in the WP Discourse inline documentation. It’s found on the Publishing tab in the description for the Use Full Post Content setting.
I do see that documentation.
But I unselected “Publish the full post to Discourse, rather than an excerpt.” in WP-Discourse settings. So I think since WP-Discourse won’t publish the full post to Discourse, Discourse has no full post to show. However the actual result is not like what I think.
Sorry, I was not being clear. That setting will not have an effect on your posts, because you are using a custom template. But, the description of that setting tells you what you need to do to remove the ‘Show Full Post’ button from Discourse.
Go to your Discourse forum at
/admin/site_settings/category/posting and look for the ‘embed truncate’ setting. Unselect that setting on Discourse.
That’s fine I got your point.
Another thing I don’t understand is: since there is an
link account option in user profile page (when Discourse is used as the SSO provider), why user can still edit their Discourse username on that page? Won’t that cause problems?(For example change it to administrator’s username)
If you select the option ‘Do Not Display Discourse Name Field’ on the Publishing tab, the Discourse Username won’t be editable. Unfortunately with that setting, the Discourse Username is not displayed at all. That’s something that needs to be fixed.
Well that’s really a weird design. Hope to be fixed. I’ll see if I can fix it myself later.
What I was thinking of doing is just printing the Discourse username to the user preferences page so that it could be seen that it’s set. Would that work?
I had a similar problem: Insecure content from markdown-it-bundle when using https
You need to let discourse know you want the SSL version of the site by specifying https in your outer nginx config by adding:
proxy_set_header Host $http_host;
proxy_set_header Host https
Then just reload nginx and it should work correctly!
Hope this helps!