Insecure Elements with hard-coded HTTP assets
-
I had a client that really loves this plugin. It’s an e-commerce site so we had to force HTTPS for the whole site (which is quickly becoming best practice generally anyway). This was the only plugin that was producing insecure elements. I was able to resolve it by doing a search/replace through the main plugin file for:
find: scr=”http:” | replace with: src=”https:
There were only 4 elements, but since it’s a widget it affected MANY of the pages.
Solution Suggestions:
1) either do a protocol-less link (e.g. src=”//domain.com/image.png”) or
2) or do a function that checks in advance for the protocol
3) Or serve all those assets over HTTPS since they are offsite anyway (to my memory)
- The topic ‘Insecure Elements with hard-coded HTTP assets’ is closed to new replies.
