Any ideas how to fix this? I see that the schema.org urls are going through http protocol, could this be the problem? URL of my forum is wmforum.geek.hr
Hi @steelmaiden
no, that’s not the problem. These are internal definitions
<script type="application/ld+json">{"@context":"http://schema.org","@type":"WebSite","url":"https://wmforum.geek.hr","potentialAction":{"@type":"SearchAction","target":"https://wmforum.geek.hr/search?q={search_term_string}","query-input":"required name=search_term_string"}}</script>
like namespace definitions, not urls used to load the content.
I don’t see mixed content warnings.
Use Ctrl + Shift + I, then check the console to find the urls.
Got this:
Refused to load the script 'https://certify-js.alexametrics.com/atrk.js' because it violates the following Content Security Policy directive: "script-src https://wmforum.geek.hr/logs/ https://wmforum.geek.hr/sidekiq/ https://wmforum.geek.hr/mini-profiler-resources/ https://wmforum.geek.hr/assets/ https://wmforum.geek.hr/brotli_asset/ https://wmforum.geek.hr/extra-locales/ https://wmforum.geek.hr/highlight-js/ https://wmforum.geek.hr/javascripts/ https://wmforum.geek.hr/plugins/ https://wmforum.geek.hr/theme-javascripts/ https://wmforum.geek.hr/svg-sprite/ https://www.google-analytics.com/analytics.js https://cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.js". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
and this:
Refused to load the script 'https://script.dotmetrics.net/door.js?id=1249' because it violates the following Content Security Policy directive: "script-src https://wmforum.geek.hr/logs/ https://wmforum.geek.hr/sidekiq/ https://wmforum.geek.hr/mini-profiler-resources/ https://wmforum.geek.hr/assets/ https://wmforum.geek.hr/brotli_asset/ https://wmforum.geek.hr/extra-locales/ https://wmforum.geek.hr/highlight-js/ https://wmforum.geek.hr/javascripts/ https://wmforum.geek.hr/plugins/ https://wmforum.geek.hr/theme-javascripts/ https://wmforum.geek.hr/svg-sprite/ https://www.google-analytics.com/analytics.js https://cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.js". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
Those are tracking scripts, i need them to run properly.
If I’m not wrong, you likeky need to add those scripts in content security policy script src
.
These are not mixed content warnings.
These are other problems you should fix.
Mixed content warnings: Images via http.