A problem with kendodatepicker over https - asp.net-mvc-4

I use kendodatepicker in my asp mvc project for input persian date.But when publish my website over https . Https not allow to load kendo cdn.This is my console log :
Mixed Content: The page at 'https://gormast.ir/Admin/Discount/Create' was loaded over HTTPS, but requested an insecure stylesheet 'http://cdn.kendostatic.com/2013.2.918/styles/kendo.default.min.css'. This request has been blocked; the content must be served over HTTPS.
Mixed Content: The page at 'https://gormast.ir/Admin/Discount/Create' was loaded over HTTPS, but requested an insecure stylesheet 'http://cdn.kendostatic.com/2013.2.918/styles/kendo.common.min.css'. This request has been blocked; the content must be served over HTTPS.
Mixed Content: The page at 'https://gormast.ir/Admin/Discount/Create' was loaded over HTTPS, but requested an insecure script 'http://code.jquery.com/jquery-1.9.1.min.js'. This request has been blocked; the content must be served over HTTPS.
Mixed Content: The page at 'https://gormast.ir/Admin/Discount/Create' was loaded over HTTPS, but requested an insecure stylesheet 'http://cdn.kendostatic.com/2013.2.918/styles/kendo.default.min.css'. This request has been blocked; the content must be served over HTTPS.
Mixed Content: The page at 'https://gormast.ir/Admin/Discount/Create' was loaded over HTTPS, but requested an insecure stylesheet 'http://cdn.kendostatic.com/2013.2.918/styles/kendo.common.min.css'. This request has been blocked; the content must be served over HTTPS.

Related

HTTPS security is compromised by http: *.abc.com

I have problem while redirecting the http:// url from https:// pages.
http pages are the url formed internally in java code. when redirection happens from https to formed http url pages are not loading properly and showing loading symbols.
In browser console error showing as "HTTPS security is compromised by http:www.aabc.com"
when i forcibly try to replace http to https redirection says target page uses older tls version

Mixed content error when using github pages with custom domain

I'm hosting my git-hub pages website (peps09791.github.io) using a custom domain (https://thebotspeaks.com) with Cloudflare.
To enable HTTPS, I have done the following configurations:
In my _config.yaml file
I have set the URL key accordingly
url: "https://peps0791.github.io"
From my cloudFlare dashboard, I have enabled option of HTTPS rewrites to prevent mixed content error.
I have also enabled Flexible SSL from CloudFlare.
I haven't enabled default HTTPS-redirection because the website breaks over HTTPS. On HTTP, it works fine.
Right now, when I try to access my website using HTTPS, I get mixed content error:
Mixed Content: The page at 'https://thebotspeaks.com/' was loaded over HTTPS, but requested an insecure image 'http://thebotspeaks.com/assets/images/bio-photo.jpg'. This content should also be served over HTTPS.
09:54:45.323 (index):1 Mixed Content: The page at 'https://thebotspeaks.com/' was loaded over HTTPS, but requested an insecure stylesheet 'http://thebotspeaks.com/assets/css/main.css'. This request has been blocked; the content must be served over HTTPS.
09:54:45.785 (index):1 Mixed Content: The page at 'https://thebotspeaks.com/' was loaded over HTTPS, but requested an insecure script 'http://thebotspeaks.com/assets/js/main.min.js'. This request has been blocked; the content must be served over HTTPS.
From console, I can see this:
<script src="https://peps0791.github.io/assets/js/main.min.js"></script>
<link rel="stylesheet" href="https://peps0791.github.io/assets/css/main.css">
How do I resolve this issue?
The problem here is that your assets (i.e. your CSS or JavaScript) are redirecting to the HTTP version of your site. This is because your assets are referencing directly to your GitHub site instead of the Cloudflare-enabled domain.
For example; your HTML references your CSS files at https://peps0791.github.io/assets/css/main.css instead of https://thebotspeaks.com/assets/css/main.css
In order to fix this it looks like you'll need to update your _config.yaml file to have the following URL key:
url: "https://thebotspeaks.com"
More general advice on fixing a variety of Mixed Content issues can be found in the following article on the Cloudflare Knowledge Base: How do I fix the SSL Mixed Content Error Message?
Adding this helped me to deal with the Mixed Content error on GitHub pages on a custom domain secured with enabled HTTPS:
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
Apparently for me. The website inside CNAME file in Github repo did NOT had https prefix. So I added https://. and it worked.
Cheers
P.S: Fixed this problem after 1 year, can you believe.

SSL for relative paths?

I noticed when accessing a site using HTTPS I get errors in the JS console when trying to include CSS or JS files from a relative path such as this:
<link rel="stylesheet" type="text/css" href="css/demo.css?id=14" />
Mixed Content: The page at 'https://mysiste.com/' was loaded over HTTPS, but requested an insecure stylesheet 'http://mysiste.com/css/demo.css?id=14'. This request has been blocked; the content must be served over HTTPS.
What's the ideal solution for this scenarios?
Should I just force all the HTTP accesses to be redirected to HTTPS?
Or is there a way to tell the server to serve all relative paths using HTTPS?
Relative links will use the protocol and host from the base URL. The base URL is usually the one which can be seen in the URL bar. But it is possible to change the base URL explicitly using the base tag.
This means if you have a base URL with http as protocol set in your page it will still use http instead of https even though you've accessed the site with https and the reference is relative, i.e. like this:
<base href="http://example.com/">
To fix it either remove the base tag or change it to use https instead of http:
<base href="https://example.com">

Mediawiki can't load CSS if SSL is enabled

There is an http:// hardcoded somewhere in mediawiki codebase, causing these errors. Can't find out, what.
Index:13 Mixed Content: The page at 'https://xy/Index' was loaded over HTTPS, but requested an insecure stylesheet 'http://xy/load.php?debug=false&lang=hu&modules=mediawiki.legacy.co…face%7Cmediawiki.ui.button%7Cskins.vector.styles&only=styles&skin=vector&*'. This request has been blocked; the content must be served over HTTPS.
Index:1 Mixed Content: The page at 'https://xy/Index' was loaded over HTTPS, but requested an insecure script 'http://xy/load.php?debug=false&lang=hu&modules=startup&only=scripts&skin=vector&*'. This request has been blocked; the content must be served over HTTPS.
In your mediawiki folder, there's a file named LocalSettings.php
You need to edit that file and change $wgServer value from http:// to https://

Heroku: was loaded over HTTPS, but requested an insecure XMLHttpRequest - request has been blocked

UPDATE:
Mixed Content: The page at 'https://myapp.herokuapp.com/#/employees'
was loaded over HTTPS, but requested an insecure XMLHttpRequest
endpoint
'http://api.geonames.org/countryInfoJSON?username=design1online'. This
request has been blocked; the content must be served over HTTPS.
I'm trying to call the below api from one of my app in heroku and I'm getting the below error
Do I need to add-on SSL?
I have even tried without http: something like this:
//api.geonames.org/countryInfoJSON?username=design1online
API call:
http://api.geonames.org/countryInfoJSON?username=design1online
Error:
failed to load resource: net::err_ssl_protocol_error
adding S to the http tag actually worked for me, I just had the issue today
<script src="https://maps.googleapis.com/maps/api/js?region=GB"></script>