Mixed HTTP/HTTPS Content?

I have a vanilla discourse that I just setup using the digital ocean droplet running but my browsers indicate that parts of the page are insecure due to images:

These are literally you’re images that are causing the insecurity? I had uploaded logos prior and deleted all of them thinking that was somehow the problem but… nope… the discourse logos are now the problem… what’s going on?

1 Like

No, it’s because you haven’t enabled force_https. Once you do Discourse will refer to those assets using https.

You need to enable that setting once you have configured https and tested it. It’s not automatic.

5 Likes

where do you enabled that?¿

1 Like

Assuming you have admin rights.

https://{your-host}/admin/site_settings/category/all_results?filter=force_https

5 Likes

Okay, thank you Stephen! Gosh, I was really scratching my head because of this part of @tgxworld original post:

5. Adjust your dependencies for HTTPS

  • Check that all shared resources such as images, logos, third party JavaScript dependencies, etc, are all linked via https:// and not http://
  • Check all your social logins and make sure they are pointing to the https:// and not http:// versions of your site’s authentication URLs.
  • If you are using a CDN, you will need to switch your CDN to use https:// and not http:// to pull resources.
  • If your browser does not show any warnings in its f12 console in the security about insecure assets:… you are now ready to force HTTPS by going toAdmin :arrow_right: site settings :arrow_right: force https

You really might want to update that section to reflect the instructions for setting up HTTPS because apparently I did everything right but the current instructions make it seem like I did something wrong because the default images were causing an insecurity error. I just toggled Force HTTPS and everything works (the instructions had me thinking I was going to wreck my install because of “insecure” images).

Anyhow, thanks again! I’m the new happy owner of a HTTPS Discourse!

3 Likes

thanks @csmu

=D
20 characters to send message

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.