HTML Logo by World Wide Web Consortium ( Click to learn more about our commitment to accessibility and standards.

Moving forward with Composr

ocPortal has been relaunched as Composr CMS. ocPortal 9 is superseded by Composr 10.

Head over to for our new site, and to our migration roadmap. Existing ocPortal member accounts have been mirrored.

SSL Mixed Content (Images) not https on Panel_Left/_Right

Login / Search

 [ Join | More ]
 Add topic 
#110226 (In Topic #21948)

Honoured member

Hi All,

I have a page that uses both Panel_Left & Panel_Right (from the Start: page) all of which have been configured for https.

Using Google's developers tools I have ascertained that that images referenced in blocks located in P_L & P_R are not being served as https so both Firefox & Chrome are complaining that I have mixed content.

Mixed Content: said

The page at 'https://mysite.tld/index.php?page=Donate' was loaded over HTTPS, but requested an insecure image 'http://mysite.tld/themes/Golden/images/contract.png'. This content should also be served over HTTPS.
...the image being the contract button for an RSS news feed.

I had the same problem with images in the Panel_Left but worked around the problem by removing all reference to images in the "hide_if_not_in_panel" section of 'templates_custom/DOWNLOAD_BOX.tpl'

Have I misunderstood...

ocPortal Tutorial: Security said

Note that a page viewed under HTTPS will use HTTPS for all images and other embedded files. The banner will be disabled to make sure this requirement is enforced. The reason for this is that users should not get mixed environment messages that warn them about potential security problems. Template makers and coders should be careful to use the proper ocPortal mechanisms for referencing resources.

I don't want to remove the RSS from Panel_Right so what am I missing?

Any help would be much appreciated.

Back to the top


I imagine the cause of this is a block cached both on an SSL and non-SSL page.


1) Just make the whole site HTTPS (easiest way: make the base URL https and remove the ssl addon).

2) Turn off caching for the particular blocks

3) Do a super-fudge so that the blocks don't cache in the same cache signature.


[block="http://somefeedurl" title="Slightly altered title"]main_rss[/block]
[block="http://somefeedurl" title="Title"]main_rss[/block]

semihtml is so you can use line-breaks without it showing them. Alternative is to put it all on one line.

The Tempcode does different code paths based on if it is running HTTPS (SSL).

The slightly different titles in each case forces different cache signatures.

Become a fan of Composr on Facebook or add me as a friend. Add me on on Twitter. Support me on Patreon
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about Composr whenever you see the opportunity or support me on Patreon.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying Composr on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
There are too many online users to list.
Control functions:

Quick reply   Contract

Your name:
Your message: