Website templates not loading, firefox complains about "security issue and mixedcontent."

RandomKangeroo · July 1, 2020, 8:41am

Summary

Suddenly the website only loads bare-bones: I see html, I see some pictures. But the template and the css are not loaded. Firefox says: Securtiy issue, mixedcontent.
When I change the servertype to http or https, it works a again, for a while and css and templates are loaded.
Does anyone know what is going on and what is the remedy fior this? Do I have to turn everything to be only https or http maybe (Im a beginner, guessing)?

Environment

MODX version: MODX Revolution 2.7.3-pl
Nginx version: Nginx/1.14.0 (Ubuntu)
Browser: Firefox

bruno17 · July 1, 2020, 9:49am

maybe, it would be easier to help, if we could see your template.
Sounds like it is possible to load your page by http and https and one or the other is cached partially.
You should force https and/or call site_url - placeholders uncached, like
[[!++site_url]]

RandomKangeroo · July 1, 2020, 10:11am

Hi Bruno!

Thanks for replying!

I do not know what I should show you exactly as the problem remains a bit unclear to me… for the time being everything seems to working normal again, after I set server type back to http… I feel this is probably not really the solution errrr

I use a bootstrap template form Vasily Naumin: https://modx.com/extras/package/?id=theme.bootstrap

When I look in the header, I see this:

<meta charset="[[++modx_charset]]">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="description" content="[[*description]]">
<base href="[[++site_url]]" />
<title>[[!pdoTitle]] / [[++site_name]]</title>

<link rel="stylesheet" type="text/css" href="assets/css/mycss.css">

[[*id:input=`<link href="[[++assets_url]]components/themebootstrap/css/bootstrap.min.css"    rel="stylesheet">`:htmlToBottom]]
[[*id:input=`<script src="[[++assets_url]]components/themebootstrap/js/jquery-3.3.1.min.js"></script>`:jsToBottom=`1`]]
[[*id:input=`<script src="[[++assets_url]]components/themebootstrap     /js/bootstrap.bundle.min.js"></script>`:jsToBottom=`1`]]
[[*id:input=`<link href="[[++assets_url]]css/customcss.css" rel="stylesheet">`:htmlToBottom]]

So to force I add the ! to the [[++site_url]] ?

markh · July 1, 2020, 10:59am

Yes, you should always have that in the base href tag uncached.

That probably sorts it out, but if it doesn’t you can do more debugging using the browsers’ developer tools to find out what requests are getting blocked due to the mixed content.

RandomKangeroo · July 1, 2020, 11:14am

Thanks a lot!
I hope that solved it as well. For now all looks fine. I changed server type back to https and added the exclamation mark.