Mixed http and https content

  • Resolved s501

    (@s501)


    10 years, 10 months ago

    I have SSL installed but only want encryption on one page. However, all css and js are served over http causing security warning. Can these assets paths be made relative, so served under http and https.
    Apologies if this has already been asked – couldn’t find answer.

    Thanks.

Viewing 2 replies - 1 through 2 (of 2 total)

  • There are 2 ways to achieve this. Most would suggest using a plugin that rewrites all the URL’s every time the page is accessed (not sure if one exists) or you can edit your wp-config.php which is the quickest and most effective way.

    Add the following to your wp.config.php file before the require_once statement replacing /store/order/ with the page you want to secure.

    if (($_SERVER['HTTPS'] == "on") && ($_SERVER['REQUEST_URI'] == '/store/order/')) {
  define('WP_SITEURL', 'https://domain.com');
  define('WP_HOME', 'https://domain.com');
}
else {
  define('WP_SITEURL', 'https://' . $_SERVER['HTTP_HOST']);
  define('WP_HOME', 'https://' . $_SERVER['HTTP_HOST']);
}

    [Moderator Note: Please post code & markup between backticks or use the code button. Your posted code may now have been permanently damaged by the forum’s parser.]

    If WP_SITEURL and WP_HOME is already defined then you can comment those lines out by typing 2 forward slashes // at the start of each line.

    There is a caveat – when the HTTPS page is accessed, all links to the pages you wouldn’t want on HTTPS will use HTTPS but they will be redirected back to the HTTP. Hope this helps.

    Thread Starter s501

    (@s501)

    i.ahmed,

    Thanks for the response. I have indeed done something very similar. I added a functions.php to my child theme containing the following:

    $using_ssl = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' || $_SERVER['SERVER_PORT'] == 443;
add_action('wp', 'check_ssl');
function check_ssl()
{
  if ( $using_ssl )
  {
    header('Location: https://' . $_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']);
    exit;
  }
}

    It enables all https requests to be redirected to http. Let me explain – the registration-complete page is the Auto Returm URL I have specified for PayPal which requires an https landing page if you dont want to see an unsecure popup appearing in browser (Firefox) on return, something like the following:

    Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.
Are you sure you want to continue sending this information?

    THe code above satisfies the initial return to https and I then redirect to http which is ok because no sensitive info is displayed on page to user.

    THanks again for your help.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Mixed http and https content’ is closed to new replies.

Tags