Mixed HTTP/HTTPS Content?

I have a vanilla discourse that I just setup using the digital ocean droplet running but my browsers indicate that parts of the page are insecure due to images:

These are literally you’re images that are causing the insecurity? I had uploaded logos prior and deleted all of them thinking that was somehow the problem but… nope… the discourse logos are now the problem… what’s going on?

1 Like

No, it’s because you haven’t enabled force_https. Once you do Discourse will refer to those assets using https.

You need to enable that setting once you have configured https and tested it. It’s not automatic.


where do you enabled that?¿

1 Like

Assuming you have admin rights.



Okay, thank you Stephen! Gosh, I was really scratching my head because of this part of @tgxworld original post:

5. Adjust your dependencies for HTTPS

  • Check that all shared resources such as images, logos, third party JavaScript dependencies, etc, are all linked via https:// and not http://
  • Check all your social logins and make sure they are pointing to the https:// and not http:// versions of your site’s authentication URLs.
  • If you are using a CDN, you will need to switch your CDN to use https:// and not http:// to pull resources.
  • If your browser does not show any warnings in its f12 console in the security about insecure assets:… you are now ready to force HTTPS by going toAdmin :arrow_right: site settings :arrow_right: force https

You really might want to update that section to reflect the instructions for setting up HTTPS because apparently I did everything right but the current instructions make it seem like I did something wrong because the default images were causing an insecurity error. I just toggled Force HTTPS and everything works (the instructions had me thinking I was going to wreck my install because of “insecure” images).

Anyhow, thanks again! I’m the new happy owner of a HTTPS Discourse!


thanks @csmu

20 characters to send message

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.