Getting Mixed Content Error with the Plugin Thrive Ovation.

Been trying to resolve this one for a while. I have the Thrive Ovation testimonial manager, it works fine unless a subdomain site has a mapped domain. Then I get mixed content errors..

I have forced HTTPS in Admin on (WPCONFIG)
I have also Force Original HTTPS in Admin (DOMAIN MAP CONFIG)

I have also tried two plugins to FORCE HTTPS to fix mix content script errors.
None have helped so far.
-SSL Insecure Content Fixer
-Wordpress HTTPS

And I still get this continued error in the browser console.
load-scripts.php:4 Mixed Content: The page at 'https://shadowtarot.lightworkers.org/wp-admin/admin.php?page=tvo_admin_dashboard#testimonials' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://shambhalawisdom.com/wp-json/tvo/v1/testimonials?_=1493260436464'. This request has been blocked; the content must be served over HTTPS.

Any suggestions.. Thrive just tell me to speak to my Hosting Company.. We run a VPS server.

  • Adam Czajczyk
    • Support Gorilla

    Hello Adeon,

    I hope you're well today and thank you for your question!

    I tried to check that site in question but currently, it redirects me to some mapped domain, which also doesn't seem to be protected by SSL certificate.

    Here's the point:

    With no mapped domain

    You would need to have SSL certificate that protects sub-domains of the main domain, I assume you already have it though. I see that this seems to be working fine.

    With mapped domain

    You got a 'http" domain with no valid SSL mapped to the "https" original address. It's also set to redirect to the mapped domain. If you look at the source code of the site you'll notice that it's trying to fetch some JS scripts over that mapped domain - it should do this and this is correct. However, since the mappped domain is "http" and does not have a valid certificate, it will cause mixed content issues.

    The best course of an action, in that case, would be to either set the mapped domain to go over https connection and add a valid certificate for it or to find some hook in Thrive plugin to force it to load its resources from a "hard coded" original URL (sub-domain).

    Unfortunately, it's a premium plugin and I don't have any access to its code to check that for you. I know they told you to turn to your host but maybe you could ask them if there's a way to "force" plugin to load its resources (specifically its JS scripts) from an URL that you explicitly specify. That could help with the issue.

    Best regards,
    Adam

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.