After applied SSL settings to enforce HTTPS browser starts complaining "Mixed Content: ..." as the image shown bellow.
"Mixed Content" warnings occur when an HTTPS page is asked to load a resource over HTTP. Insecure resources are vulnerable to alteration by an active attacker or eavesdropping by a passive attacker, which violates the user's expectation of security for an HTTPS page. Ref: Fixing mixed content for more information.
Fix:
Change all insured links with "http://" to "https://" on the page. This could a tough work and time consuming. The following is a hot fix, it works very well for me.
Hot fix:
Add meta content in html head section to allow browser automatically upgrade http to https, ensure loading contents through SSL layer.
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
Comments