Support community for TTG plugins and products.
NOTICE
The Turning Gate's Community has moved to a new home, at https://discourse.theturninggate.net.
This forum is now closed, and exists here as a read-only archive.
You are not logged in.
Pages: 1
Howdy, I've spent the better part of two days adjusting .htaccess files attempting to get the backend to force HTTPS across the board.
I'm getting these consistent errors for insecure mixed content (URL obviously changed on the dev site):
Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure stylesheet '<URL>'. This request has been blocked; the content must be served over HTTPS.
(index):13 Mixed Content: The page at 'https://examplesite.com/photos/backlight/admin/' was loaded over HTTPS, but requested an insecure stylesheet 'http://examplesite.com/photos/backlight/modules/module-admin/lib/css/normalize.css'. This request has been blocked; the content must be served over HTTPS.
(index):14 Mixed Content: The page at 'https://examplesite.com/photos/backlight/admin/' was loaded over HTTPS, but requested an insecure stylesheet 'http://examplesite.com/photos/backlight/modules/module-admin/lib/css/structure.css'. This request has been blocked; the content must be served over HTTPS.
(index):15 Mixed Content: The page at 'https://examplesite.com/photos/backlight/admin/' was loaded over HTTPS, but requested an insecure stylesheet 'http://examplesite.com/photos/backlight/modules/module-admin/lib/css/navigation.css'. This request has been blocked; the content must be served over HTTPS.
(index):16 Mixed Content: The page at 'https://examplesite.com/photos/backlight/admin/' was loaded over HTTPS, but requested an insecure stylesheet 'http://examplesite.com/photos/backlight/modules/module-admin/lib/css/style.css'. This request has been blocked; the content must be served over HTTPS.
(index):17 Mixed Content: The page at 'https://examplesite.com/photos/backlight/admin/' was loaded over HTTPS, but requested an insecure stylesheet 'http://examplesite.com/photos/backlight/modules/module-admin/lib/css/grid-framework-12col.css'. This request has been blocked; the content must be served over HTTPS.
(index):18 Mixed Content: The page at 'https://examplesite.com/photos/backlight/admin/' was loaded over HTTPS, but requested an insecure stylesheet 'http://examplesite.com/photos/backlight/modules/module-admin/lib/css/font-awesome.min.css'. This request has been blocked; the content must be served over HTTPS.
(index):20 Mixed Content: The page at 'https://examplesite.com/photos/backlight/admin/' was loaded over HTTPS, but requested an insecure stylesheet 'http://examplesite.com/photos/backlight/modules/module-admin/lib/css/jquery.fancybox.min.css'. This request has been blocked; the content must be served over HTTPS.
(index):22 Mixed Content: The page at 'https://examplesite.com/photos/backlight/admin/' was loaded over HTTPS, but requested an insecure stylesheet 'http://examplesite.com/photos/backlight/modules/module-admin/lib/css/magnific-popup.css'. This request has been blocked; the content must be served over HTTPS.
(index):23 Mixed Content: The page at 'https://examplesite.com/photos/backlight/admin/' was loaded over HTTPS, but requested an insecure stylesheet 'http://examplesite.com/photos/backlight/modules/module-admin/lib/css/jquery-ui.css'. This request has been blocked; the content must be served over HTTPS.
(index):24 Mixed Content: The page at 'https://examplesite.com/photos/backlight/admin/' was loaded over HTTPS, but requested an insecure stylesheet 'http://examplesite.com/photos/backlight/modules/module-admin/lib/css/footable.standalone.min.css'. This request has been blocked; the content must be served over HTTPS.
Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure script '<URL>'. This request has been blocked; the content must be served over HTTPS.
examplesite.com/:1 Mixed Content: The page at 'https://examplesite.com/photos/backlight/admin/' was loaded over HTTPS, but requested an insecure script 'http://examplesite.com/photos/backlight/modules/module-admin/lib/js/jquery-2.1.3.min.js'. This request has been blocked; the content must be served over HTTPS.
(index):1 Mixed Content: The page at 'https://examplesite.com/photos/backlight/admin/' was loaded over HTTPS, but requested an insecure script 'http://examplesite.com/photos/backlight/modules/module-admin/lib/js/pangolin.js'. This request has been blocked; the content must be served over HTTPS.
(index):1 Mixed Content: The page at 'https://examplesite.com/photos/backlight/admin/' was loaded over HTTPS, but requested an insecure script 'http://examplesite.com/photos/backlight/modules/module-admin/lib/js/navigation.js'. This request has been blocked; the content must be served over HTTPS.
(index):1 Mixed Content: The page at 'https://examplesite.com/photos/backlight/admin/' was loaded over HTTPS, but requested an insecure script 'http://examplesite.com/photos/backlight/modules/module-admin/lib/js/jquery.fancybox.min.js'. This request has been blocked; the content must be served over HTTPS.
(index):1 Mixed Content: The page at 'https://examplesite.com/photos/backlight/admin/' was loaded over HTTPS, but requested an insecure script 'http://examplesite.com/photos/backlight/modules/module-admin/lib/js/jquery-ui.min.js'. This request has been blocked; the content must be served over HTTPS.
(index):1 Mixed Content: The page at 'https://examplesite.com/photos/backlight/admin/' was loaded over HTTPS, but requested an insecure script 'http://examplesite.com/photos/backlight/modules/module-admin/lib/js/admin.js'. This request has been blocked; the content must be served over HTTPS.
(index):1 Mixed Content: The page at 'https://examplesite.com/photos/backlight/admin/' was loaded over HTTPS, but requested an insecure script 'http://examplesite.com/photos/backlight/modules/module-admin/lib/js/footable.min.js'. This request has been blocked; the content must be served over HTTPS.
No amount of disabling .htaccess files clears the problem, nor does adding the following to the Backlight .htaccess file:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
The front end threw similar errors due to a text/html mime type problem but was solved by inserting "AddDefaultCharset utf-8" to the bottom of the root .htaccess file.
I'm stumped. Any ideas how to fix the backend of the site?
Offline
In your BL settings, what is your Site URL? The Wordpress URL? Are they using http or https?
I don't have this problem. All my page assets are linked via https.
I didn't need anything to change in .htaccess. I'd rather not modify that file.
My hosting service provides a setting to force all pages to load via https. That's all it took to get what I think you're after.
--Jim
Offline
Thanks for the input. The site at the root is running Joomla on an AWS EC2 Linux 2 instance, with everything https. This Backlight site is one folder deep (base-site/photos/) and that's where this has me stumped... I know the firewall on the site isn't preventing anything (I've turned it off for testing) and the parent site .htaccess file has been commented out, so it's not that either.
I suppose it could relate to directory ownership and permissions. I reinstalled the site a few times trying to get the kinks worked out on the front end, but the permissions inside the backlight folder all match the installer (apache:apache, 775/664)... and I can't imagine how that would default a few core css/js files to serve as http.
Really strange.
Offline
Do you have Automatically Redirect Browsers To https set to Yes in the Backlight Settings?
Rod
Just a user with way too much time on his hands.
www.rodbarbee.com
ttg-tips.com, Backlight 2/3 test site
Offline
I tried that earlier and broke the site, having to reinstall when I couldn't find the configuration file in the admin section to change it through a text editor. If you can point out where to do that I'll try it again, but I'm nervous at the idea of locking myself out again.
Offline
I don’t know.
Probably best to wait for Ben or Matt to weigh in
Rod
Just a user with way too much time on his hands.
www.rodbarbee.com
ttg-tips.com, Backlight 2/3 test site
Offline
is this a site that was converted to https after an initial build?
You could try going to the Backlight Dashboard and clicking on Update Backlight Index Files under Special Links
Is Backlight 2 up to date?
Rod
Just a user with way too much time on his hands.
www.rodbarbee.com
ttg-tips.com, Backlight 2/3 test site
Offline
No, the site was flipped over to https about 9 months ago. I just tried the Update Backlight Index Files again; still with no success on the backend. Everything is up-to-date, especially since the site was reinstalled just two days ago. Ha!
Offline
I'm out of ideas.
But Ben probably will have some. Could be a case of something not going right in a database update.
He'll likely ask for Backlight admin as well as FTP access.
Rod
Just a user with way too much time on his hands.
www.rodbarbee.com
ttg-tips.com, Backlight 2/3 test site
Offline
Have you tried clearing the template cache? Designer > Templates > Clear Template Cache.
If https redirection is broken, you can force it to not redirect by doing the following:
1. Rename backlight/env.php.skel to backlight/env.php
2. Edit the line:
//define('BLOCK_HTTPS_REDIRECTION', true);
Removing the leading "//" so that it looks like:
define('BLOCK_HTTPS_REDIRECTION', true);
(or if that line isn't in your env.php, add it).
If you're still stuck, then as Rod suggested, please provide me with admin access to your Backlight admin, and FTP details via email.
Offline
I found the solution for the backend of my Backlight site in the URLHelper file (backlight/modules/module-framework/helpers/URLHelper.php). Going to line number 292 and changing the protocol from 'http' to 'https' forces all of the scripts and css files in the site to conform to HTTPS and the errors disappear. No idea why some content can sneak past this and be flipped over to https on the front end, but at this point I'm just glad to have the site working properly.
Obviously this tweak would be a bad idea in a mixed https/http or strictly http environment, but if you know everything is being run through SSL it's a winner.
Offline
Please do NOT hack the code! I have offered to solve this for you, in which case I will be able to work out the problem and advise on how to fix it, or to put in a fix to our codebase if there's a bug. As it stands, your code change will break for every update we make, and may have adverse affects.
Offline
Can you provide me with a Backlight admin login, so that I can see via PHPInfo whether the HTTPS flag is not being set, and if so, whether there's a fallback flag I can add to check instead?
Offline
Pages: 1