How to get rid of mixed content warning when using cookie-less domain for static content?

by notnull   Last Updated April 09, 2017 21:04 PM

When I serve all website content from the same domain (https://example.com), tools like Pingdom keep yelling:

Serve static content from a cookieless domain

When I serve static content from a cookie-less domain (http://cdn.example.com), Chrome says:

Mixed Content: The page at 'https://example.com/' was loaded over HTTPS, but requested an insecure image 'http://cdn.example.com/img/xyz.jpg'. This content should also be served over HTTPS.

How can I satisfy both conditions at the same time?



Answers 1


When I serve static content from cookie-less domain (http://cdn.example.com)

Just as the message says... Your "cookie-less domain" also needs to be HTTPS, e.g. https://cdn.example.com.

Once you switch to HTTPS then everything must switch to HTTPS. It's all or nothing. This is for a reason... If you have resources on a non-secure HTTP connection then it is possible that "information" could be leaked over this non-secure connection and intercepted, which kind of defeats the point of having HTTPS in the first place.

w3dk
April 09, 2017 20:42 PM
