Mixed content error with RSS widget

[gregmagn1]

To avoid SSL Mixed content warning, it is needed to force the RSS icon to load with https

[sabernhardt]

@gregmagn1 Thanks for the report!

If your WordPress Address (​Site URL) setting uses "https" then I don't think the icon should be served insecurely (unless a plugin filters includes_url).

However, this might be a good situation for using the includes_url function's "relative" argument in class-wp-widget-rss.php:

$icon = includes_url( 'images/rss.png', 'relative' );

If forcing secure, it could be more like this:

$scheme = is_ssl() ? 'https' : null;
$icon   = includes_url( 'images/rss.png', $scheme );

[gregmagn1]

Hi. My WordPress address use https. All other pictures, icons and plugins contents served secured content correctly. The only icon that makes problem with "Mixed Content Warning" is the RSS plugin icon ...

[desrosj]

Hi @gregmagn1,

Can you provide some additional details? Which theme are you using? Also, have you tested this on a fresh install?

@sabernhardt is correct in that the RSS icon is output by passing the URL through the includes_url() function. Ultimately, is_ssl() is called to detect whether the site supports SSL or not.

It's likely code on your site is either filtering the result of includes_url() or set_url_scheme(), or something is incorrectly configured causing WordPress to guess wrong in this situation, It could also be an issue in Core, but there is not enough information for the reasons to be clear yet.

To avoid SSL Mixed content warning, it is needed to force the icon to load with https

Trac ticket: https://core.trac.wordpress.org/ticket/52730