I have a portfolio website (https://github.com/ltbd78/portfolio) deployed on GitHub Pages (https://ltbd78.github.io/portfolio) and served on google domains (http://linsuhan.com). The insecure http://linsuhan.com site works fine but the secure https://linsuhan.come gets the following three MixedContent errors:
Mixed Content: The page at 'https://linsuhan.com/' was loaded over HTTPS, but requested an insecure script 'http://linsuhan.com/static/js/main.a0793265.js'. This request has been blocked; the content must be served over HTTPS.
Mixed Content: The page at 'https://linsuhan.com/' was loaded over HTTPS, but requested an insecure stylesheet 'http://linsuhan.com/static/css/main.f8417732.css'. This request has been blocked; the content must be served over HTTPS.
Mixed Content: The page at 'https://linsuhan.com/' was loaded over HTTPS, but requested an insecure favicon 'http://linsuhan.com/logo-l.png'. This request has been blocked; the content must be served over HTTPS.
I’ve been scratching my head the whole week on trying to debug where exactly exactly in my source code is this error trace coming from since I’m using ReactJS and the final build .js .css files differ drastically from the src .jsx and .scss files.
Is there a way to find out which line in my source code does this error reference?
One guess I have is linsuhan.com is requesting the insecure linsuhan.com/static/js/main.a0793265.js when the secure linsuhan.com/static/js/main.a0793265.js exists. Perhaps it’s not the content of the .js file but rather the the address. How do I have the google domain reference the https:// js file rather than the http:// js file?
Your page embeds the script via the URL
https://ltbd78.github.io/portfolio/static/js/main.a0793265.js, but that gets automatically redirected tohttp://linsuhan.com/static/js/main.a0793265.js– so this is likely an issue with your setup on the github side of things.And
https://linsuhan.comdoes not get served using a valid SSL certificate for that domain either, the certificate is for*.github.io– so people will not be able to access this directly, their browsers will show a warning, and ask them if they explicitly want to go to the site nevertheless.That’s a good point. Do you have any idea why it’s getting redirected? Would “Enforce HTTPS” and waiting 24 hours help in any way? I’ve only tried that option and waited 4 hours with no luck.