Rabin Lama Rabin Lama - 1 month ago 6
PHP Question

How to get rid of console error when implementing SSL on codeigniter

I recently used a method to force SSL on my web application built on codeigniter. I did exactly what was told here http://tutsnare.com/redirect-to-ssl-in-codeigniter/
It did the job. All the pages are loaded in HTTPS with the lock sign. But on the console I am getting this error

Mixed Content: The page at 'https://dev26.calvarycch.org/applications/index/children' was loaded over HTTPS, but requested an insecure script 'http://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js'. This request has been blocked; the content must be served over HTTPS.


What does this mean ? And how do I remove it ?

Answer

When running a website behind SSL all content must be provided behind the SSL protocol. This means that all images/css/javascript/fonts/svg (and I hope I didn't forget any other external optional content) must also be with https:// (and not http://).

You need to go over all of your HTML and make sure that every place you use http:// (in images/css/javascript) is changed to https://, however this is not something that you can just do automatically, because not all websites work with SSL. You need to check it before just change it.

In your specific example, google's CDN can provide the same file in both HTTP and HTTPS so you can just change:

<script src="http://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js"></script>

to

<script src="https://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js"></script>

Notice the httpS at the beginning

Comments