WordPress.org

Make WordPress Core

Opened 3 months ago

Last modified 2 months ago

#43433 new defect (bug)

mixed-content for install page stylesheets

Reported by: mimke Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 4.9.1
Component: Upgrade/Install Keywords: reporter-feedback
Focuses: Cc:

Description

I am trying to install wordpress 4.9.1 on my https website but the browser (chrome 64.0.3282.186 & firefox 58.0.2) gives me mixed-content error when loading wp-admin/install.php and the page looks broken. after installing wordpress I cannot login with my given username and password and default page seems broken too

Change History (4)

#1 @johnbillion
3 months ago

  • Keywords reporter-feedback added

@mimke Thanks for the ticket, and welcome to WordPress Trac.

Can you let us know a few things in order to determine the cause, please?

  • Which mixed content is present on the page? (You can find this in your browser's developer console)
  • Do you have a wp-content/install.php script present which may be interfering?
  • Are you running your site behind a reverse proxy, for example via Cloudflare?

#2 @mimke
3 months ago

chrome developer console:

Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure stylesheet '<URL>'. This request has been blocked; the content must be served over HTTPS.
Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure stylesheet '<URL>'. This request has been blocked; the content must be served over HTTPS.
Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure stylesheet '<URL>'. This request has been blocked; the content must be served over HTTPS.
Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure stylesheet '<URL>'. This request has been blocked; the content must be served over HTTPS.
Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure stylesheet '<URL>'. This request has been blocked; the content must be served over HTTPS.
Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure stylesheet '<URL>'. This request has been blocked; the content must be served over HTTPS.
install.php:8 Mixed Content: The page at 'https://www.example.com/blog/wp-admin/install.php?step=1' was loaded over HTTPS, but requested an insecure stylesheet 'http://www.example.com/blog/wp-includes/css/buttons.min.css?ver=4.9.4'. This request has been blocked; the content must be served over HTTPS.
install.php:9 Mixed Content: The page at 'https://www.example.com/blog/wp-admin/install.php?step=1' was loaded over HTTPS, but requested an insecure stylesheet 'http://www.example.com/blog/wp-admin/css/install.min.css?ver=4.9.4'. This request has been blocked; the content must be served over HTTPS.
install.php:10 Mixed Content: The page at 'https://www.example.com/blog/wp-admin/install.php?step=1' was loaded over HTTPS, but requested an insecure stylesheet 'http://www.example.com/blog/wp-includes/css/dashicons.min.css?ver=4.9.4'. This request has been blocked; the content must be served over HTTPS.
install.php:1 Mixed Content: The page at 'https://www.example.com/blog/wp-admin/install.php?step=1' was loaded over HTTPS, but requested an insecure stylesheet 'http://www.example.com/blog/wp-includes/css/buttons.min.css?ver=4.9.4'. This request has been blocked; the content must be served over HTTPS.
install.php:1 Mixed Content: The page at 'https://www.example.com/blog/wp-admin/install.php?step=1' was loaded over HTTPS, but requested an insecure stylesheet 'http://www.example.com/blog/wp-admin/css/install.min.css?ver=4.9.4'. This request has been blocked; the content must be served over HTTPS.
install.php:1 Mixed Content: The page at 'https://www.example.com/blog/wp-admin/install.php?step=1' was loaded over HTTPS, but requested an insecure stylesheet 'http://www.example.com/blog/wp-includes/css/dashicons.min.css?ver=4.9.4'. This request has been blocked; the content must be served over HTTPS.
Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure script '<URL>'. This request has been blocked; the content must be served over HTTPS.
Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure script '<URL>'. This request has been blocked; the content must be served over HTTPS.
Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure script '<URL>'. This request has been blocked; the content must be served over HTTPS.
Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure script '<URL>'. This request has been blocked; the content must be served over HTTPS.
Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure script '<URL>'. This request has been blocked; the content must be served over HTTPS.
Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure script '<URL>'. This request has been blocked; the content must be served over HTTPS.
Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure script '<URL>'. This request has been blocked; the content must be served over HTTPS.
install.php:1 Mixed Content: The page at 'https://www.example.com/blog/wp-admin/install.php?step=1' was loaded over HTTPS, but requested an insecure script 'http://www.example.com/blog/wp-includes/js/jquery/jquery.js?ver=1.12.4'. This request has been blocked; the content must be served over HTTPS.
install.php:1 Mixed Content: The page at 'https://www.example.com/blog/wp-admin/install.php?step=1' was loaded over HTTPS, but requested an insecure script 'http://www.example.com/blog/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1'. This request has been blocked; the content must be served over HTTPS.
install.php:1 Mixed Content: The page at 'https://www.example.com/blog/wp-admin/install.php?step=1' was loaded over HTTPS, but requested an insecure script 'http://www.example.com/blog/wp-includes/js/zxcvbn-async.min.js?ver=1.0'. This request has been blocked; the content must be served over HTTPS.
install.php:1 Mixed Content: The page at 'https://www.example.com/blog/wp-admin/install.php?step=1' was loaded over HTTPS, but requested an insecure script 'http://www.example.com/blog/wp-admin/js/password-strength-meter.min.js?ver=4.9.4'. This request has been blocked; the content must be served over HTTPS.
install.php:1 Mixed Content: The page at 'https://www.example.com/blog/wp-admin/install.php?step=1' was loaded over HTTPS, but requested an insecure script 'http://www.example.com/blog/wp-includes/js/underscore.min.js?ver=1.8.3'. This request has been blocked; the content must be served over HTTPS.
install.php:1 Mixed Content: The page at 'https://www.example.com/blog/wp-admin/install.php?step=1' was loaded over HTTPS, but requested an insecure script 'http://www.example.com/blog/wp-includes/js/wp-util.min.js?ver=4.9.4'. This request has been blocked; the content must be served over HTTPS.
install.php:1 Mixed Content: The page at 'https://www.example.com/blog/wp-admin/install.php?step=1' was loaded over HTTPS, but requested an insecure script 'http://www.example.com/blog/wp-admin/js/user-profile.min.js?ver=4.9.4'. This request has been blocked; the content must be served over HTTPS.
install.php:119 Uncaught ReferenceError: jQuery is not defined
    at install.php:119

my site is on self hosted vps behind haproxy and I redirect http to https with following configuration in haproxy :

redirect scheme https code 301 if !{ ssl_fc }

#3 @SergeyBiryukov
3 months ago

  • Component changed from Administration to Upgrade/Install

#4 @wpmiro
2 months ago

Hello. I had the same issue. I'm using Wordpress 4.9.4. I'm running it behind an nginx reverse proxy with the necessary proxy headers:

proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;

I've added the following code right before the "That's all, stop editing..." line in my wp-config.php based on the instructions located at: https://codex.wordpress.org/Administration_Over_SSL#Using_a_Reverse_Proxy

// If we're behind a proxy server and using HTTPS, we need to alert Wordpress of that fact 
// see also http://codex.wordpress.org/Administration_Over_SSL#Using_a_Reverse_Proxy 
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') { 
        $_SERVER['HTTPS'] = 'on'; 
}

Now it works fine. Hope that helps :)

Note: See TracTickets for help on using tickets.