اتصالك بهذا الموقع ليس آمنًا بالكامل

steelmaiden · 14 سبتمبر 2020، 8:13ص

Any ideas how to fix this? I see that the schema.org urls are going through http protocol, could this be the problem? URL of my forum is wmforum.geek.hr

JuergenAuer · 14 سبتمبر 2020، 8:31ص

Hi @steelmaiden

no, that’s not the problem. These are internal definitions

<script type="application/ld+json">{"@context":"http://schema.org","@type":"WebSite","url":"https://wmforum.geek.hr","potentialAction":{"@type":"SearchAction","target":"https://wmforum.geek.hr/search?q={search_term_string}","query-input":"required name=search_term_string"}}</script>

like namespace definitions, not urls used to load the content.

I don’t see mixed content warnings.

Use Ctrl + Shift + I, then check the console to find the urls.

steelmaiden · 14 سبتمبر 2020، 10:15ص

Got this:

Refused to load the script 'https://certify-js.alexametrics.com/atrk.js' because it violates the following Content Security Policy directive: "script-src https://wmforum.geek.hr/logs/ https://wmforum.geek.hr/sidekiq/ https://wmforum.geek.hr/mini-profiler-resources/ https://wmforum.geek.hr/assets/ https://wmforum.geek.hr/brotli_asset/ https://wmforum.geek.hr/extra-locales/ https://wmforum.geek.hr/highlight-js/ https://wmforum.geek.hr/javascripts/ https://wmforum.geek.hr/plugins/ https://wmforum.geek.hr/theme-javascripts/ https://wmforum.geek.hr/svg-sprite/ https://www.google-analytics.com/analytics.js https://cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.js". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

and this:

Refused to load the script 'https://script.dotmetrics.net/door.js?id=1249' because it violates the following Content Security Policy directive: "script-src https://wmforum.geek.hr/logs/ https://wmforum.geek.hr/sidekiq/ https://wmforum.geek.hr/mini-profiler-resources/ https://wmforum.geek.hr/assets/ https://wmforum.geek.hr/brotli_asset/ https://wmforum.geek.hr/extra-locales/ https://wmforum.geek.hr/highlight-js/ https://wmforum.geek.hr/javascripts/ https://wmforum.geek.hr/plugins/ https://wmforum.geek.hr/theme-javascripts/ https://wmforum.geek.hr/svg-sprite/ https://www.google-analytics.com/analytics.js https://cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.js". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Those are tracking scripts, i need them to run properly.

Arkshine · 14 سبتمبر 2020، 10:45ص

If I’m not wrong, you likeky need to add those scripts in content security policy script src.

JuergenAuer · 14 سبتمبر 2020، 10:49ص

These are not mixed content warnings.

These are other problems you should fix.

Mixed content warnings: Images via http.

الموضوع		الردود	مرات العرض
Schema of internal link meta itemprop url showing http version Support	5	1229	8 يونيو 2024
Embedding Discourse Comments via Javascript over https Support	3	659	1 مارس 2020
Images URLs are broken (https: part not being included) Support	4	365	6 أكتوبر 2021
Mixed Content warnings Support	9	692	11 سبتمبر 2020
How to send http request Dev	9	1424	14 ديسمبر 2016

اتصالك بهذا الموقع ليس آمنًا بالكامل

الموضوعات ذات الصلة