Mixed content blocked

I have install Lets Encrypt on one domain . I have issue with mixed content blocking. after lots of search , I came cross a thread and answer was that Browser is not trusting SSL certificate . site is working except I get this message in developer.
The page at https://supplysolution.ca/ was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint .
The request has been blocked, the content must be served over HTTPS.
I am running Nginx as revers proxy . and all scripts are loaded from same origin ...
Could this be result of Let's Encrypt Certificate ?

No. Mixed content is not caused by something of the certificate. It's the complete lack thereof in the used HTML. http:// is being used instead of https:// in the URLs in the HTML or JavaScript.

First webpage when I searched for "mixed content" using Google explains this:


I just manged to fix this issue. it seems modern browser implementing Content Security policies by default for some contents..
I use Nginx as reverse proxy to upstream server which is DotNet on ubuntu . and have no clue about microsoft..so solution was to add following into nginx configuration nginx.conf

add_header 'Content-Security-Policy' 'upgrade-insecure-requests';

this upgraded the http request to https and now site works .
now i have to look for fix with other issue .. :roll_eyes:


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.