1. Login

Argh. The Page Was Loaded Over HTTPS, But Requested an Insecure Resource. (On Redirects Only)

In my case, this problem happened after updating my CMS source code, and was due to a mistake in the Location header. I accidentally put Location: in the URL part, which the browser tried fetching as an URL.

1391 views
d

By. Jacob

Edited: 2018-04-26 01:42

Redirects, HTTPS and mixed content errors.

Recently I moved some less suitable content on beamtic.com to its own dedicated subdomain, I also updated the code handling responses to HTTP requests to simplify the respond() function. Guess what happened. I created a bug that affected my 301 redirects from old URLs.

It took me awhile to figure out what was going on, likely because I am really tired and have not slept tonight. Luckily, I actually discovered the bug early. The bug was caused by me changing the redirect code, so instead of Location: ABSOLUTE_URL the system would suddenly output Location: Location: ABSOLUTE_URL.

Further adding to the confusion was the HTTPS error I would get on redirected pages:

Mixed Content: The page was loaded over HTTPS, but requested an insecure resource.

This initially led me to think it was a problem with the destination site, which baffeled me since I was sure I had understood everything i needed, and setup my Lets encrypt correctly.

I was looking over the web developers tools in Chrome and FireFox several times before noticing the mistake. Strangely, Chrome was showing a popup every time I tried visiting the old URL – obviously because it did not understand the invalid value supplied in the Location header. I simply did not see the mistake – likely due to not having slept.

So, if you are getting similar errors on your redirects, be sure to check the value you are sending in your Location header. Every now and then – happens rarely these days – I run into a problem were, regardless of having the gut-feeling of having done everything right, something does not work. In those cases, it is most likely a simple mistake rather than lacking understanding. Luckily, a fix is usually easy with such type of problems.

Share with your friends:

Tell us what you think:

  1. How You Should Use Multiple H1s in HTML
    An in-dept look at the use of headings (h1-h6) and sections in HTML pages.
  2. How to improve your website's pagination
    Pagination can be a confusing thing to get right both practically and programmatically. I have put a lot of thought into this subject, and here I am giving you a few of the ideas I have been working with.
  3. Trailing Question Mark in URLs
    The best way to deal with a trailing question mark is probably just to make it a bad request, because it is a very odd thing to find in a request URL.
  4. Auto-Include Width and Height on Img Elements With PHP
    How to optimize image-loading and automatically include width and height attributes on img elements with PHP.
  5. HTTP Headers are Case-Insensitive
    HTTP headers are not case-sensitive, so we are free to convert them to all-lowercase in our applications.

More in: Web development