"Connection not secure" on the homepage

[teo123]

Apparently, some images or scripts on the homepage are transmitted unencrypted, and the browsers complain about that. Now, I do not think it is a serious issue, as the log-in page is secure, but it can frighten people.

[brimstoneSalad]

Can you find what image it is? I have not received this notification.

[teo123]

Can you find what image it is? I have not received this notification.

If I open the developer tools in Firefox, apparently those are

Code: Select all

{"GET":{"scheme":"http","host":"philosophicalvegan.com","filename":"/images/patreonsupport3.jpg","remote":{"Address":"0.0.0.0:80"}}}

and a few others.

[teo123]

See the line 391 on the homepage, when you are not logged in:

Code: Select all

<a href="https://www.patreon.com/philosophicalvegan" alt="Please support us on Patreon" rel="nofollow" target="_blank"><img src="http://philosophicalvegan.com/images/patreonsupport3.jpg"></a>

The "href" is "https", but "src" is "http".

[brimstoneSalad]

All of the links in the code are https

[brimstoneSalad]

Oddly they're being changed to http for some reason

[brimstoneSalad]

When I inspect it, it says http, but the current source is listed as https.
May be an .htaccess issue on your end?

I changed the code to be a relative URL. Might not work here anymore, but it's showing https on the home page now. What's it show for you?

[teo123]

When I inspect it, it says http, but the current source is listed as https.
May be an .htaccess issue on your end?

I changed the code to be a relative URL. Might not work here anymore, but it's showing https on the home page now. What's it show for you?

It still claims the connection is not secure, and, if I open the developer tools, it shows this:

What do you mean a htaccess issue at my end? As far as I understand it, the end-user should not be able to access htaccess at all, yet alone modify it. As far as I know, htaccess is a peculiarity of Apache servers, and most modernized servers do not even have it, but have better solutions.

[brimstoneSalad]

@teo123 So it's not just that one, it's all of the images?

What do you mean a htaccess issue at my end?

No idea. That's the only thing I can see that would cause it, but somehow it's not behaving for you. Maybe something to do with a CDN in your region, or your computer caching non-secure versions... I don't know.
This is puzzling.

[teo123]

@teo123 So it's not just that one, it's all of the images?

What do you mean a htaccess issue at my end?

No idea. That's the only thing I can see that would cause it, but somehow it's not behaving for you. Maybe something to do with a CDN in your region, or your computer caching non-secure versions... I don't know.
This is puzzling.

Which browser are you using? I have noticed Gecko-based browsers (Firefox, TOR Browser...) claim my Etymology Game is insecure (rightly so, I do not think it is important to make it secure), while Chromium-based browsers (Chrome, Brave browser, Opera 15+...) claim it is secure. Chromium-based browsers apparently (I don't know the exact rules) do not check whether images and scripts are from a secure source, and claim a page is secure whenever HTML is served over HTTPS. Which is wrong.