Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure font '<URL>'. This request has been blocked; the content must be served over HTTPS
And 40 requests for fonts from discourse-fonts gem. This is a fresh installation where Postgres and Redis is run on a separate server inside local network and the connection is “socketed” but served to the outside over https of course. There are similarthreads but no clear answer to me. Checking CSS points to wizard.scss (source-mapped). Any clues?
Most probably no. Where do I set it? And why should it be needed in the first place instead of having the CSS request static assets over https or relative references?
FWIW - on the outside facing webserver I do have the typical 301 set
Well, me neither. I didn’t modify anything. Just the regular launcher build app These URLs seem to be in the processed CSS, which I obviously didn’t touch (nor the scss) in any way. I didn’t find anything https related in the app.yml either so… don’t know. The force_https seem to work the problem around.
It depends how we define “necessary”. Currently it might be necessary to work around the actual problem, which is that compiled CSS files reference static assets explicitly using http schema. But IMHO this should not be necessary in the long run
In this case, if you enable force_https you will end up with all assets URL error R_SSL_PROTOCOL_ERROR if you requested domain doesn’t install certificate. Then to avoid that you install certificate for that to resolve the SSL protocol issue
If you instead install Discourse with above template uncommented, the site’s assets URL should be HTTPS along with your site base URL protocol. And more, the force https is invisible in admin UI.
As mentioned in the original post, in my case certificate and everything is correct and valid but all connections to the outside are handled by a reverse-proxy (nginx, obviously ;-), while connection to discourse goes over unix socket. Meaning I have templates/web.socketed.template.yml
rather than any of those you mention. Still - this should not need to cause static URLs have hardcoded explicit http: schema