redirecting http traffic to https with avoiding mixed content warnings

I have a site which has recently had an SSL certificate installed on it. The .htaccess file currently forces all traffic to use http and there are many hard coded links throughout the site, including references to css and javascript files.

Would it be safe just to change the .htaccess file to redirect all traffic to https? I'm guessing that will give me mixed content warnings as some links will be served over http instead of https.

I am thinking maybe it would be best to change all the links to src="//www.mysite.com" first before changing the .htaccess file. I appreciate that it would be better practice to update the httpd.conf file to include the SSL changes, I just don't want to break the live site.

I have also noticed that sometimes css and javascript changes aren't always downloaded when refreshing the page but if I view the page source and click on the source file it downloads and the site works fine. Obviously I want to avoid this sort of situation when going live.

What would be the best way forward?

1 answer

  • answered 2018-07-11 13:17 Dimitris

    Just changing .htaccess to redirect to https will not solve your problem. The browser will probably still see the http inside your html and produce the mixed content warning.

    You will have to go through your templates and either switch to relative links, or to // or to https://

    The fact that your static css and js files are not updated immediately is because browsers cache such files.

    During dev, you can use ctrl+F5 for a hard refresh of the page to get fresh copies from the server.

    A first solution is to append something like ?v=1 to the file urls. This will force the files to be downloaded every time you change the version. But keep in mind that old browsers might not cache files with GET parameters at all.

    The super safe way would be to set the version on the static side of the url.

    Like /js/assets.v1.js

    Manually doing any of those options might be tedious, but it will be effective.

    There are tools that can do this automatically every time you build your assets, but you might have to modify your templates even more for it to work properly. It really depends on what you are using.