Search code examples
httpsmixed-content

Mixed content errors with https?

This one has me perplexed...

On my website, I am getting Mixed content errors in my console yet when inspecting the source, the urls it says are http are showing as https?

In fact, a search for anything with http:// returns nothing.

Inspection shows:

<img src="https://images.immoafrica.net/aHR0cHM6Ly9yZXZvbHV0aW9uY3JtLXJldm9sdXRpb24tcHJvcGltYWdlcy5zMy5hbWF6b25hd3MuY29tLzU2LzE3MTk4OC8xMjcxOTk0X2xhcmdlLmpwZw==/fb5c609f3c1506a8798dfa620ccf8a15?1=1&amp;width=420&amp;height=310&amp;mode=crop&amp;scale=both&amp;404=default" data-lazy="https://images.immoafrica.net/aHR0cHM6Ly9yZXZvbHV0aW9uY3JtLXJldm9sdXRpb24tcHJvcGltYWdlcy5zMy5hbWF6b25hd3MuY29tLzU2LzE3MTk4OC8xMjcxOTk0X2xhcmdlLmpwZw==/fb5c609f3c1506a8798dfa620ccf8a15?1=1&amp;width=420&amp;height=310&amp;mode=crop&amp;scale=both&amp;404=default" alt="2 Bedroom Apartment for Sale in Strand North" title="2 Bedroom Apartment for Sale in Strand North" class="lazy loading-F5F5F5">

Yet I get this error:

Mixed Content: The page at 'https://www.immoafrica.net/residential/for-sale/south-africa/?advanced-search=1&st=' was loaded over HTTPS, but requested an insecure image 'http://images.immoafrica.net/aHR0cHM6Ly9yZXZvbHV0aW9uY3JtLXJldm9sdXRpb24tcHJvcGltYWdlcy5zMy5hbWF6b25hd3MuY29tLzU2LzE3MTk4OC8xMjcxOTk0X2xhcmdlLmpwZw==/fb5c609f3c1506a8798dfa620ccf8a15?1=1&width=420&height=310&mode=crop&scale=both&404=default'. This content should also be served over HTTPS.

Solution

  • The page is requesting the following https URL:

    https://images.immoafrica.net/aHR0cHM6Ly9yZXZvbHV0aW9uY3JtLXJldm9sdXRpb24tcHJvcGltYWdlcy5zMy5hbWF6b25hd3MuY29tLzU2LzE3MTk4OC8xMjcxOTk0X2xhcmdlLmpwZw==/fb5c609f3c1506a8798dfa620ccf8a15?1=1&width=420&height=310&mode=crop&scale=both&404=default

    …but the server is redirecting that https URL to the following http URL:

    http://images.immoafrica.net/aHR0cHM6Ly9yZXZvbHV0aW9uY3JtLXJldm9sdXRpb24tcHJvcGltYWdlcy5zMy5hbWF6b25hd3MuY29tLzU2LzE3MTk4OC8xMjcxOTk0X2xhcmdlLmpwZw==/fb5c609f3c1506a8798dfa620ccf8a15?1=1&width=420&height=310&mode=crop&scale=both&404=default

    Paste that https URL into your browser address bar and you’ll see you end up at the http URL.

    Or try it from the command line with something like curl:

    $ curl -i 'https://images.immoafrica.net/aHR0cHM6Ly9yZXZvbHV0aW9uY3JtLXJldm9sdXRpb24tcHJvcGltYWdlcy5zMy5hbWF6b25hd3MuY29tLzU2LzE3MTk4OC8xMjcxOTk0X2xhcmdlLmpwZw==/fb5c609f3c1506a8798dfa620ccf8a15?1=1&width=420&height=310&mode=crop&scale=both&404=default'

HTTP/2 301
date: Sat, 06 Jan 2018 01:56:57 GMT
cache-control: max-age=3600
expires: Sat, 06 Jan 2018 02:56:57 GMT
location: http://images.immoafrica.net/aHR0cHM6Ly9yZXZvbHV0aW9uY3JtLXJldm9sdXRpb24tcHJvcGltYWdlcy5zMy5hbWF6b25hd3MuY29tLzU2LzE3MTk4OC8xMjcxOTk0X2xhcmdlLmpwZw==/fb5c609f3c1506a8798dfa620ccf8a15?1=1&width=420&height=310&mode=crop&scale=both&404=default
server: cloudflare
cf-ray: 3d8b1051cfbf84fc-HKG

    …and notice th server sends back a 301 response and a location header with the http URL.

    So the problem seems to be, that images.immoafrica.net site isn’t served over HTTPS/TLS and instead redirects all requests for https URLs to their http equivalents.

    There’s nothing you can do on your end to fix that — other than creating or using some kind of HTTPS proxy through which you make the requests for images.immoafrica.net URLs.