Have you cleared Chrome’s cache?
2 Likes
If there have been any HTTP 301 redirects used, those also need to be purged from the browser. The classification of a 301 as a permanent redirect is quite accurate and can wreak havoc upon the unsuspecting webmaster.
In searching for a good explanation of how to clear those, I actually surfaced a reply that I wrote a few years back in another community.
2 Likes
yes. Always need to do that anything I change any code (html, javascript, CSS files, etc).
I have not attempted any redirects beyond the root level .htaccess file, where, where on advice from "whynot padlock.com", I added a redirect to ensure all site wide access that came as http would be re-directed to https: (yes, the rewrite engine is on!) NOTE: this is currently commented out, so I can experiment and re-enable it when I'm haere and available to work.
#rewrite linked http to https
RewriteCond %{HTTP_HOST} throughthecracks\.org [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://throughthecracks.org/$1 [R,L]
You can use this directive to solve that specific problem, probably: mod_mime - Apache HTTP Server Version 2.4
AddType text/css css
But it should already be the default, do you have some kind of overbroad override?
This is more universal, if you want to try it:
# redirect other fqdns to me.example.com without switching scheme
RewriteCond "%{HTTP_HOST}" "!=me.example.com" [NC]
RewriteRule "^/?(.*)" "%{REQUEST_SCHEME}://me.example.com/$1" [L,R,NE]
# redirect http to https
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
1 Like
Well after clearing cache, and a few other tweaks, such, I'm getting the main page to load as https: But all the CSS and javascripts, and lots of graphic links and such, are failing to load. In the CHROME console, the reason is always "ERR_ABORTED 403 (Forbidden)". To I'm forbidden to load my own files. And they are all root referenced (not http://) so this isn't mixed content errors. I'm talking to A2 hosting about it now.
1 Like
Possibly depending on how you've setup the permissions of the Security Headers
see these:
Just to be clear, I'm focusing my attention on "throughthecracks.org", on of my addon domains, and NOT "pixyland.org" right now. The reason being, :throughthecracks" is a much simpler site, with much simpler coding, so I'm using it as my test case. But I'll look at your links, because maybe its the same problem. Right now, loading "throughthecracks.org" results in a million console errors, all claiming a 403 error, because my javascripts, loaded via " tags are all being "blocked due to MIME type (“text/html”)" trouble is, this makes no sense. My script tags all look something like this one, below.
<script src="/scripts/siteScripts2.js?v42d" > </script>
That's the standard and correct way. And adding "type ="text/javascript" " to them does nothing. Adding "AddType text/javascript js mjs" to my .htaccess files similarly has no effect. Though I'm new to the "https" situation, I've been hand coding my sites a long time, and there is nothing wrong with the way I'm including my javascript files. Something beyond my control is doing this, so I'm reaching out to the support folks at my hosting company (A2Hosting). They are usually pretty helpful, but if they can't find the problem, I'll just have to go back to http:.
I'm getting a largely functional HTTPS site for throughthecracks. The only obvious thing failing is the counter at the bottom of the page. I didn't try to debug that.
This was Firefox Private Browsing session. Note the lock icon to the left of https://...
1 Like
Thanks! And **EUREKA!!!!**I'm making progress here too!
See my reply to the whole topic below!
1 Like
**EUREKA!!!!**I'm making progress!!!!
The problem seems to have been be additional .htaccess files in a lot of my folders, some of which are literally ancient! This is all my fault! I've been running many of my sites, literally since the turn of the century. And at least 4 times I've moved to a different hosting company. You know each time you do that, the new hosting company "volunteers" to "migrate" everything for you. I have all kinds of extra .htaccess files in various folders, often to deny and prevent things like hot linking, or just making directories private.
BUT DAMMMM IT! I forgot how often, almost by rote, I had my stupid re-direct of https -> http copied in to all of them. It almost became a template for me, but of course it never mattered before.
Then there was another weird .htaccess problem. Due to a change in a version of PHP way back around version 5.4 (yeah I'm old!), I was forcing a particular version of PHP in my SCRIPTS folder. Now why in hell that was causing all my html inclusions to be rejected for being the wrong MIME type beats me. But I guess, as they say, "truth is stranger than fiction, because FICTION HAS TO MAKE SENSE".
But anyway, WOW!!! I'm well on my way to having my first HTTPS site working as hoped. Thanks to everyone for all the great help, and even more for your patience!
This calls for opening a bottle! 
5 Likes
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.