There seems to be a problem with the WordPress Theme Customiser in combination with the following setup.
1. Network in subdomain mode with primary domain (ex. network.dom) over SSL.
2. Domain mapping settings:
Administration mapping: original domain
Cross-domain autologin: yes / async
Force http/https (Only for original domain): yes
Would you like to force http/https in front-end pages: Force https
3. Sub-site (ex. site.network.dom) with mapped domain (ex. http://www.site.dom) non-ssl
When accessing the Customiser, the preview frame comes up empty in the Chrome browser.
The error in console:
Mixed Content: The page at 'https://site.network.dom/wp-admin/customize.php?url=http%3A%2F%2Fwww.site.dom%2F' was loaded over HTTPS, but requested an insecure resource 'http://www.site.dom/?customize_changeset_uuid=e195b0e7-235f-4002-…' This request has been blocked; the content must be served over HTTPS.
After changing some settings like background, the preview content will become visible all of a sudden. The message in console remains similar but apparently the browser deems it less of an issue and does not block the requests anymore.
Still, to clients seeing the empty frame at first this is so worrying that they conclude it simply "does not work" and back out of the customiser. Sadly, there is no other way to change the background image for example...
Is there any way to solve this problem? Maybe similar to how the post Preview is done by adding a &dm=bypass to the URL? I tried this manually (adding
&dm=bypass) but that has no effect (yet). Also tried changing the
?url=https%3A%2F%2Fsite.network.dom%2F but without effect.