[wp-hackers] Best way to avoid mixed http/https content

Dave McHale dmchale at gmail.com
Fri Feb 28 21:50:59 UTC 2014


There are two "best" methods for avoiding content mismatch errors.
Personally I would argue that you should enforce AlwaysOn SSL, but that is
another conversation entirely and not what you asked about :)

1) Always reference over https. When you're in https mode, you obviously
won't get content mismatch errors. When you're in http mode, you can safely
reference https content. This ensures safety no matter how a site visitor
asks for a page.

2) The beginning of your absolute path does not HAVE to include the
protocol. RFC's many many years ago implemented the standard where you can
safely remove the http: or https: and just start from the double-slashes.
When you do this, the site visitor's browser will load the resource over
whatever protocol it is currently in... HTTP requests will load all of
those referenced resources over HTTP, and HTTPS requests will do so over
HTTPS.

My guess is you will want/need a plugin to enforce one of these rules on
output, but hopefully this knowledge helps get you where you need to go!

Dave


More information about the wp-hackers mailing list