Domain Mapping Introduces Mixed Content Loading on HTTPS subdomains


On WP 4.8 multisite network when Domain Mapping is activated, wp-login.php fails on all subsites with HTTPS and which have no mapped domain, thus making login impossible. Users are effectively locked out of all subsites without mapped domains

Deactivating Domain Mapping eliminates the issue and login works as expected on all subsites without mapped domains.

When Domain Mapping is activated, then browser mixed content warnings are present on subsites without a mapped domain and login fails even if the unsafe scripts are allowed.

The browser warns that unsafe scripts are attempting to be loaded; however, all unsafe items listed seem to be located on the HTTPS domain of the subsite.

Subsites with mapped domains seem to behave ok, but subsites without a mapped domain cannot be logged into.

This issue began after 4.8 which made BIG changes to wp-login in order to allow site login using credentials.

Interestingly, a workaround to gain access to the subsite dashboards while Domain Mapping is active and causing this issue is as follows and once the Jetpack feature for login with credentials is activated and configured, then Domain Mapping can be reactivated so all the mapped sites on the network behave and each site with the Jetpack alternate login feature active can be accessed using that login but NOT REGULAR LOGIN

1) Disable Domain Mapping

2) Log in to a subdomain site that has no mapped domain.

3) in site dashboard Jetpack Settings security tab activate “allow login with credentials)

4) simultaneously visit and access the same subdomain site through and perform a full sync of the site

5) In dashboard in the Jetpack Settings security tab activate (or make sure it is already activated) “allow login with credentials”

6) return to subsite and login is possible using credentials

It appears something in Domain Mapping is calling for an HTTP connection even on HTTPS subsites without mapped domains.

Any assistance will be appreciated.