An Important Update

Dear Followers Of This Blog ...

If you did not use a Blogger / Google account when you Followed this blog, years ago, you are probably not Following now . During the past...

Sunday, May 29, 2016

HTTPS Redirect And Post Editor HTTPS Warnings

Last month, as part of the SSL rollout, Blogger added a page / post / template editor feature - that not everybody understands.

A blog with "HTTPS Redirect" enabled will provide SSL access, for every reader - both those who intentionally use HTTPS, and those who normally use classic "HTTP". Those who normally use "HTTP" will find themselves redirected to "HTTPS" - no choice.

When you use page editor, post editor, or template editor, on a blog which offers "HTTPS" to everybody, you may see an alarming alert.

If you decide to enable "HTTPS Redirect" on your blog, page editor, post editor, and template editor will let you know when you are editing mixed content.

This page contains HTTP resources which may cause mixed content affecting security and user experience if blog is viewed over HTTPS.


When editing pages and posts, on a blog with "HTTPS Redirect" enabled.



Editing your template so it mixes HTTP and HTTPS may affect the security and user experience of your blog when it is viewed over HTTPS. Learn more. Hide warning


And when editing the template, on a blog with "HTTPS Redirect" enabled.



You will have several choices, when encountering the "This page contains HTTP resources ..." / "Editing your template so it mixes HTTP and HTTPS" alert.

  • Change all links to "HTTPS:", using "Fix".
  • Fix each link selectively, and select "Dismiss".
  • Don't change anything, and select "Dismiss".
  • Don't enable "HTTPS Redirect".

Change all links to "HTTPS:", using "Fix".

Select "Fix" - and page / post / template editor will automatically change every "http:" reference to "https:".

You will have broken links, which reference services and websites that do not yet support SSL. You will eventually need to find out what services and websites you link and use, that don't provide SSL - and drop them, or encourage them to upgrade.

Fix each link selectively, and select "Dismiss".

You will have broken links, which reference services and websites that do not yet support SSL. The links that you leave as "HTTP:" will still throw "Mixed Content" warnings.

Don't change anything, and select "Dismiss".

Your blog will throw "Mixed Content" warnings.

Don't enable "HTTPS Redirect".

Let your readers decide how to access the blog. The readers who use HTTPS will see "Mixed Content" warnings.

"Mixed Content" warnings will be around, for a while.

Until all blogs, services, and websites provide SSL, every blog and website that links to or uses those blogs, services, and websites is going to throw "Mixed Content" warnings.

The purpose of the warnings is to let the readers of our blogs know of possible risk.

Hey! This blog has content that may not fully support your need for security!!

That's what the warnings are designed to do. Keep our readers informed, so they can protect themselves.



Not every blog owner knows what to do, when using #Blogger page, post, or template editor, and encountering the Blogger equivalent of a "Mixed Content" alert. Blogs that have the recently added "HTTP Redirect" option enabled will be susceptible to this alert.

https://productforums.google.com/forum/#!category-topic/blogger/SHhkzy1uh8g

Dude, hit me with a comment!