When checking if we had the same problem, we came across a similar issue, and as I thought they might share a root cause I dived into this.
The avatars on our test setup were served from a CDN. So I disabled the CDN in order to test your issue.
After disabling the CDN, the avatar images were still served from the CDN URL. We had to re-upload the avatar to get rid of this. This was definitely not a caching issue - we tested from different browsers and made sure we restarted Discourse and flushed redis.
After re-uploading the avatar it was served from http and we got a mixed content issue as well.
when storing an avatar, the base_url_no_prefix function is executed in order to determine the URL
default_port = 80
protocol = “http”
protocol = "https"
default_port = 443
So there’s your solution, did you enable the
use_ssl parameter? (It’s new for me that this was required as well). But there is some bad news:
- The avatar URL is stored in the database upon upload. That means that if you switch SSL or CDN, existing avatars will NOT use the new URL until they’re re-uploaded. The same goes for images in posts, but I think the ‘rebake’ rake task takes care of that.