Your connection to this site is not fully secure

steelmaiden · September 14, 2020, 8:13am

Any ideas how to fix this? I see that the schema.org urls are going through http protocol, could this be the problem? URL of my forum is wmforum.geek.hr

JuergenAuer · September 14, 2020, 8:31am

Hi @steelmaiden

no, that’s not the problem. These are internal definitions

<script type="application/ld+json">{"@context":"http://schema.org","@type":"WebSite","url":"https://wmforum.geek.hr","potentialAction":{"@type":"SearchAction","target":"https://wmforum.geek.hr/search?q={search_term_string}","query-input":"required name=search_term_string"}}</script>

like namespace definitions, not urls used to load the content.

I don’t see mixed content warnings.

Use Ctrl + Shift + I, then check the console to find the urls.

steelmaiden · September 14, 2020, 10:15am

Got this:

Refused to load the script 'https://certify-js.alexametrics.com/atrk.js' because it violates the following Content Security Policy directive: "script-src https://wmforum.geek.hr/logs/ https://wmforum.geek.hr/sidekiq/ https://wmforum.geek.hr/mini-profiler-resources/ https://wmforum.geek.hr/assets/ https://wmforum.geek.hr/brotli_asset/ https://wmforum.geek.hr/extra-locales/ https://wmforum.geek.hr/highlight-js/ https://wmforum.geek.hr/javascripts/ https://wmforum.geek.hr/plugins/ https://wmforum.geek.hr/theme-javascripts/ https://wmforum.geek.hr/svg-sprite/ https://www.google-analytics.com/analytics.js https://cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.js". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

and this:

Refused to load the script 'https://script.dotmetrics.net/door.js?id=1249' because it violates the following Content Security Policy directive: "script-src https://wmforum.geek.hr/logs/ https://wmforum.geek.hr/sidekiq/ https://wmforum.geek.hr/mini-profiler-resources/ https://wmforum.geek.hr/assets/ https://wmforum.geek.hr/brotli_asset/ https://wmforum.geek.hr/extra-locales/ https://wmforum.geek.hr/highlight-js/ https://wmforum.geek.hr/javascripts/ https://wmforum.geek.hr/plugins/ https://wmforum.geek.hr/theme-javascripts/ https://wmforum.geek.hr/svg-sprite/ https://www.google-analytics.com/analytics.js https://cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.js". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Those are tracking scripts, i need them to run properly.

Arkshine · September 14, 2020, 10:45am

If I’m not wrong, you likeky need to add those scripts in content security policy script src.

JuergenAuer · September 14, 2020, 10:49am

These are not mixed content warnings.

These are other problems you should fix.

Mixed content warnings: Images via http.

Topic		Replies	Views
Mixed Content: The page at '<URL>' was loaded over HTTPS error support	6	3357	January 31, 2022
Schema of internal link meta itemprop url showing http version support	4	1141	March 23, 2017
Whenever a post contains "substring" I get a 403 error support	3	575	February 2, 2022
Mixed Content warnings support	9	608	September 11, 2020
Insecure fonts requests support	10	971	May 28, 2023

Your connection to this site is not fully secure

Related Topics