Copy-pasting from a long explanation I had sent to someone:
The reason why Firefox shows the warnings and Chrome doesn't is because Chrome automatically checks for https links for mixed content, and automatically serves the https link instead of the http link in case it works.
You can find out which particular links are serving the mixed content (http links on a https page) by choosing inspect element when you right-click on the page, and seeing the console output.
Looks like Firefox will display the warning even if the http link is redirected to an https link -
https://developer.mozilla.org/en-US/docs/Web/Security/Mixed_content
"To fix this type of error, all requests to HTTP content should be removed and replaced with content served over HTTPS. Some common examples of mixed content include JavaScript files, stylesheets, images, videos, and other media.
Note: The console will display a message indicating if mixed-display content is being successfully upgraded from HTTP to HTTPS (instead of a warning about "Loading mixed (insecure) display content")."
So even with cloudflare proxying set to strict https, Firefox would show this warning (as of March 2021).
Then, if you want this to be fixed, ask whoever has access to the web server to change all http requests to https -
https://themify.me/blog/mass-replace-urls-https-wordpress-database
No comments:
Post a Comment