HTTP content on this website

Nitpick time: Got a mixed content warning from Opera when replying here. Apparently, it’s from trying to load an asset on this website, so fixing it doesn’t involve other hosts—only Discourse configuration or plugins.

EDIT: of course there’s good reasons for this warning as @NthPortal points out.

1 Like

I would like to disagree slightly and say that this is more than a nitpick. Insecure scripts could be MITM’d and used to intercept account credentials or information, for example.

From what I can tell, the script is that is used to generate the preview when editing posts/replies. I will note that the problem does not exist on, so I it should be easy to fix.


I did an upgrade a few days ago to the latest version of discourse on, but not on, this is why you got the problem only here.
They changed the markdown engine to markdown-it:
and this caused a problem with one URL.
I will try to fix that…

Ok, I did a quick hack to force https for the makdown js. It should be ok now.

1 Like

Bumping up this thread since it’s related and has crept up again in a different location, this time: a favicon. I get this mixed content warning, both from: and Mixed Content: The page at '' was loaded over HTTPS, but requested an insecure favicon ''. This request has been blocked; the content must be served over HTTPS.

ping @fabien

I changed some settings on discourse + reverse proxy.
I did that only for for now, and it looks ok.
I will do the same for later this week.

It’s ok now on (I had to change the GitHub OAuth to switch to the Scala Center organization).