Mixed Content Warnings

open (7 posts) (3 voices)

  1. johnmasters

    Hello: I am trying to use the Persuasion Theme on a site running entirely under (https). When using Internet Explorer, I receive a "Mixed Content" warning with each new page. I did narrow it down to a theme problem. I also found information about fixing the problem here:


    I hate to modify theme code, and I was hoping you might have a better solution. Please let me know what you think about resolving this issue. Thanks in advance for your help.

    Posted 2 years ago #
  2. Elliott

    Hello johnmasters,

    Send us a link and we'll take a look.

    Posted 2 years ago #
  3. johnmasters

    I can't provide a URL to my site that you can use.

    When running the Persuasion Theme under SSL, Internet Explorer will complain about *Mixed Content* every time a page is displayed. *Mixed Content* means that the page contains references to both HTTP and HTTPS assets (e.g. images, other code, etc.). Because the web server is trying to build a *secure* page it expects all its references to also be secure. So, when it encounters an *unsecured* reference (e.g. HTTP...). it displays the *Mixed Content* message.

    The article (below) offers simple, complete insight into the problem, and the solution:


    The Persuasion Theme includes a file named custom.js. Line 987 in that file contains the following code:

    a.src = 'http:' + '//s.ytimg.com/yts/jsbin/www-widgetapi-vflSEIUSR.js';

    So now that we understand the problem, the question is how to fix it?

    I could make some changes on my end, but this is really a theme problem. To make matters worse, the offending code is part of another open-source package offered by William Duffy, and not MySiteMyWay code. So I suspect the MySiteMyWay team could take the same position.

    My recommendation would be for the MySiteMyWay team to include this java script library (from William Duffy) as a local resource and change the offending line above to reference the local asset as //..... (in other words, do not prefix it with *http* or *https*. In this way, it will work under both http and https sites.

    In closing, I would say that I like the Persuasion theme a lot, and I hope you guys will fix this problem so it works correctly under both HTTP and HTTPS sites.


    Posted 2 years ago #
  4. johnmasters

    Good Morning Elliot: Any insight on the direction that will be taken on this, or other recommendations?

    Thanks again.

    Posted 2 years ago #
  5. Elliott

    You can try deleting the script. I would have to see it in action though.

    Posted 2 years ago #
  6. johnmasters

    Really? Can you please escalate my problem description. There's enough info above such that the development team should be able understand the problem and decide on a course of action (even if it's to do nothing), without having to see the website. Thanks again.

    Posted 2 years ago #
  7. dlfadm

    Elliot, this is a problem for any site using Construct, Persuasion or other MySiteMyWay themes in an HTTPS context. It means that your site does not get the "lock" icon indicating it is properly secured.

    The fix is very simple: delete 'http:' + from line 987 of the custom.js file.

    This line of code includes a YouTube script and that YouTube script is available as both http and https (no need for a local copy). If you delete the explicit http: you will then be left with the "protocol relative" URL starting with //s.ytimg.com which will work both for sites that are running http and those running https.

    There is no downside to this fix. Please implement it!

    Posted 2 years ago #


You must log in to post.

Construct WordPress Theme
Construct wordpress theme
Myriad WordPress Theme
Myriad wordpress theme
Method WordPress Theme
Method wordpress theme
Fusion WordPress Theme
Fusion wordpress theme
Elegance WordPress Theme
Elegance wordpress theme
Echelon WordPress Theme
Echelon wordpress theme
Dejavu WordPress Theme
Dejavu wordpress theme
Modular WordPress Theme
Modular wordpress theme