We have an ExpressionEngine site we’re accessing via both http and https. Our users get security warnings from IE when accessing via https because some assets are accessed insecurely (CSS and images referenced there, in this case).
This happens when the setting ‘General Config -> URL to the root directory of your site’ includes the http:// protocol identifier (With that field blank, set just to the site domain [example.com], or set without a protocol [//example.com/], we encounter other problems, so those are not really an option). The problematic URLs are, of course, those generated with {path=} or {stylesheet=} in the templates.
Is there a good way to get all assets delivered via the same protocol as the page?
Thanks, Scott
It's because EE variables don't detect or utilise https by default, so you have to set them in code. The easiest way is to use an add-on:
http://devot-ee.com/add-ons/https-support
http://devot-ee.com/add-ons/dm-force-ssl
http://devot-ee.com/add-ons/force-ssl (commercial)
(In no particular order) I've not used any of these so can't recommend a specific one as I use my own plugin.