Please remove hardcoded http links

Also problem with filter module if I have it on https page

Mixed Content: The page at ' https://www.domain.com/contact ' was loaded over HTTPS, but requested an insecure script ' http://www.domain.com/component/cobalt/?task=ajax.mainJS& ;Itemid=1'. This request has been blocked; the content must be served over HTTPS.

First is fixed but second is called like this

$document->addScript(JRoute::_('index.php?option=com_cobalt&task=ajax.mainJS&Itemid=1'));

so it should produce correct HTTP.

I think JRoute needs another argument $ssl - 0,1 or 2

Click here to link...

But there are also other mixed content warnings. For ex. favicon in url field and this

http://chart.apis.google.com/chart?cht=qr& ;chs=120x120&chl=geo:46.255922,15.121756600000026'.

So I think they should be changed for whole Cobalt.

Unfortunately if you change this

 http://chart.apis.google.com/chart?cht=qr& ;chs=120x120&chl=geo:46.255922,15.121756600000026

to this

 https://chart.apis.google.com/chart?cht=qr& ;chs=120x120&chl=geo:46.255922,15.121756600000026

It does not work. No HTTPS support.

klox7 I think JRoute needs another argument $ssl - 0,1 or 2

Yes, if you create full URL and in my case it creates relative URL. If I do this

var_dump(JRoute::_('index.php?option=com_cobalt&task=ajax.mainJS&Itemid=1'));

then I get this

it means that it shoud inherit what ever protocol is currently used.

Sergey https://chart.apis.google.com/chart?cht=qr&chs=120x120&chl=geo:46.255922,15.121756600000026

Is this for creating QR codees? Was this deprecated from Google?

klox7

Sergey https://chart.apis.google.com/chart?cht=qr&chs=120x120&chl=geo:46.255922,15.121756600000026

Is this for creating QR codees? Was this deprecated from Google?

I think so. But it still works. I'll wait till they completely stor serving.

That's why https isn't supported.

There still seems to be a problem with cluster images (tested in records module with map template) not serving over https if you have it enabled.

Interesting topic... I am not firm in HTTPS etc. but can't you set or force any exceptions? I mean, allow certain URLs to be regular URls?

You can do it many ways to set exceptions. One way is .htaccess but with many rules it can get messy, then you have great extension SSL Redirect from Yireo and at last you have the Joomla way which is not the best. With Joomla core https solution you have in Global parameters option to use it on entire site or backend. Then you have also option in every menu item to serve it as https. But the problem is once you go to menu item with https it stays on https if you browse further. And this is not good if you want to have only a couple of pages on https.

I decided to use the whole site on https. Why not? Users are more protected that way. It just consumes server resources a little bit more.

Also I found this on Google Blog Click here to link...

Thanks klox7! I knew about the Joomla core features and Yireo... but lacked some confirmation and real use case experience.

klox7 But the problem is once you go to menu item with https it stays on https if you browse further.

That was my primary thought and issue. What happens to "inner" links, that might not use httpS, or 3rd-party stuff I have no influence. How to make working exeptions for those...

I remember many sites I have visited, where I had the "mixed content" error messages. Really bad user experience. First I have thought it is my browser or some add-on. Thanks for your confirmation and mentioning the message in your previous comments.