Moaning about favicon.ico NOT being on https... even though it is?

ultranerds · May 27, 2015, 12:43pm

Hi,

I’m at a bit of a loss as to what to do with this issue. Hopefully I’ve posted in the right place

On my site: https://steampunkjunkies.net/

…I use SSL for the whole site. As such, all my files etc are served up on https://, to stop any “mixed content” issues. However, for some reason FF has decided to stop playing ball! IE, Safari, Chrome, etc… all show a “locked” padlock (to show its safe to make purchases on) … yet FF shows it as a “broken secure”. I get:

Loading mixed (insecure) display content “http://steampunkjunkies.net/favicon.ico” on a secure page

…yet the file is clearly using SSL:

<link rel="icon" type="image/x-icon" href="https://steampunkjunkies.net/favicon.ico" />

…and if you manually go there, surely enough it works fine!

https://steampunkjunkies.net/favicon.ico

Is this a weird glitch that I don’t know about?

TIA!

Andy

WolfShade · May 27, 2015, 12:46pm

If you’re getting a mixed load message, SOMEthing is loading without HTTPS. Just gotta find it.

HTH,

ultranerds · May 27, 2015, 1:24pm

Hi,

Yeah… but nothing is:

Thats whats so confusing Do you get that error when you visit my site? (in Firefox)

Cheers

Andy

WolfShade · May 27, 2015, 1:26pm

I work for the US DoD. Your site, unfortunately, is blocked. I can’t view it or your code.

ultranerds · May 27, 2015, 1:29pm

Ah ok - no worries. Not sure why it would be blocked though (unless the word “junkies” in the domain name is deemed a “bad word” =))

Cheers

Andy

WolfShade · May 27, 2015, 1:34pm

I work for the US DoD. They block just about anything that isn’t “mission critical”.

ultranerds · May 27, 2015, 1:42pm

hahah fair enough. Reminds me of being at school, all those years ago

Mittineague · May 27, 2015, 6:57pm

Try changing these 2 to https

<meta property="og:image" content="http://steampunkjunkies.net/2014/images/logo.png" />
<meta property="og:title" content="Steampunk Junkies" />
<meta property="og:url" content="https://steampunkjunkies.net" />
<meta itemprop="name" content="Steampunk Junkies" />
<meta itemprop="image" content="http://steampunkjunkies.net/2014/images/logo.png" />

cpradio · May 27, 2015, 7:04pm

Or to //: (remove the http in front) to make them protocol agnostic

WolfShade · May 27, 2015, 7:04pm

[quote=“Mittineague, post:8, topic:191140”]
Try changing these 2 to https
[/quote]

ultranerds · May 28, 2015, 6:09am

Hi,

Unfortunately, none of those helped The really weird/annoying thing - is that if I comment out the favicon line - it STILL moans! Its almost like FF is ignoring my own line, and trying to load a default favicon.ico file

Loading mixed (insecure) display content “http://steampunkjunkies.net/favicon.ico” on a secure page

(haha isn’t it funny when you google for this issue, and your own post comes up right on the top :D)

Any other ideas?

Cheers

Andy

Mittineague · May 28, 2015, 6:27am

When I go to
http://steampunkjunkies.net/favicon.ico
the image that loads is
https://steampunkjunkies.net/favicon.ico
and
<link rel="icon" type="image/x-icon" href="https://steampunkjunkies.net/favicon.ico" />
is referencing https

It is very strange

Is htaccess redirecting to an http source?

ultranerds · May 28, 2015, 6:37am

Thanks for the reply. Yes, its weird indeed!

The favicon is working correctly from the point of it sending to the https, as I have:

RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !/(robots\.txt) [NC]
RewriteRule ^(.*)$ https://steampunkjunkies.net/$1 [R=301,L]

The WHOLE site is in https - so we want everything as https. The rule used to be (ages ago);

RewriteCond %{REQUEST_URI} !/(robots\.txt|favicon\.ico) [NC]

but I changed it after this issue came up. The stupid thing that is annoying me - is that it seems to be ignoring my meta tag (even if its commented out, it still comes up). I’ve commented it out now, so you can see what I mean: https://steampunkjunkies.net/

ARGH!

Jeff_Mott · May 28, 2015, 6:58am

My FF seems to be OK with it. :-/

ultranerds · May 28, 2015, 7:11am

Mmm, this gets weirder by the minute!

Its now working fine for me (with the favicon) in a “Private” window in Firefox … but still not in my main window! I’ve tried clearing cache, rebooting, etc etc… but still the same

Well, I guess as long as its working ok for others - I can live with that! I was just concerned it was putting people off making purchases, as the padlock wasn’t showing up.

Thanks everyone for the help / suggestions!

RyanReese · May 28, 2015, 9:48am

That’s exactly what’s happening. Browsers look in the root for a favicon.ico file to load. Putting that line in your pages is basically unnecessary.

ultranerds · May 28, 2015, 10:09am

So whats the point in that line existing in HTML then? Or is it just for “old” browsers?

RyanReese · May 28, 2015, 11:02am

It used to be smart to include it since not every browser looked for it.

I include it just because it’s a single line and ensures it’ll be loaded everywhere. I don’t know if 100% of browsers look automatically now. I assume they all do, but why push it?

ultranerds · May 28, 2015, 11:45am

Ah ok - I didn’t realise they automatically looked for it. Maybe I’ll just get rid of it (one less line of code per page! ;))

system · August 27, 2015, 6:49pm

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Favicon gone AWOL HTML & CSS	7	760	October 8, 2014
Favicon not updating Get Started	12	2598	September 3, 2010
Problem with https secure site Business ecommerce	3	488	June 1, 2010
Page is not fully secure (HTTPS), sometimes Get Started	2	473	November 1, 2011
Apache and favicon? Server Config	2	4176	February 5, 2011

Moaning about favicon.ico NOT being on https... even though it is?

Related topics