HTTPS broken on RSS

  • rytestweb · Member ·

    There are images embedded in the RSS feeds, generated by wordpress.com which are not HTTPS. For example from: https://rytestweb.wordpress.com/feed/

    <img alt=” border=’0′ src=’http://feeds.wordpress.com/1.0/comments/rytestweb.wordpress.com/18/’ />

    There is also a gravatar image one that is not HTTPS.

    I’m including the content from a couple of wordpress blogs in another site, but this non-HTTPS content breaks them. This seems to affect all wordpress blogs as far as I can tell.

    Thanks.

    The blog I need help with is: (visible only to logged in users)

  • designsimply · Member ·

    <img alt=” border=’0′ src=’http://feeds.wordpress.com/1.0/comments/rytestweb.wordpress.com/18/’ />

    There is a setting to turn off enhanced feed links in wp-admin > Settings > Reading > Enhanced feeds > ”Add to each article in your feed.” Would turning them off help as a workaround in your case?

    There is also a gravatar image one that is not HTTPS.

    This one I’ll have to look into.

    Could you tell me a bit more detail about how the non-HTTPS content breaks including content from one WP site into another so I can pass that detail along? How exactly are you are you adding content from one site into another?

  • rytestweb · Member ·

    I run the “Planet Python” software to aggregate blogs for our local area:

    https://planet.birmingham.io/

    You’ll notice that main source of mixed content is a WordPress blog, if you look in the browser console (Firefox/Chrome).

    I don’t have direct control over the blogs involved, though I could ask the owners if they mind changing the setting you mention. However, I note that I would have to do this each time someone wants to use a WordPress blog through the site, so it’s not ideal.

  • designsimply · Member ·

    I checked the https://rytestweb.wordpress.com/feed/ at http://www.feedvalidator.org/ and found that feed is valid:

    http://www.feedvalidator.org/check.cgi?url=https%3A%2F%2Frytestweb.wordpress.com%2Ffeed%2F

    Based on the information you have provided so far, it sounds like whatever code you are using at https://planet.birmingham.io/ to pull in content from outside sources errors out when there is any mixed content. I believe that is a problem with how your software is aggregated but I also agree it would be better not to have fixed content in the WordPress.com feeds if it can be avoided.

    I have filed two requests based on the information you provided asking if the enhanced feed and Gravatar links you mentioned were causing you problems for https://rytestweb.wordpress.com/feed/ can either be removed or served as HTTPS when the feed is called as HTTPS.

    I also spot-checked the following posts which I found linked from https://planet.birmingham.io/ and I found that none of them are hosted on WordPress.com but are using WordPress software elsewhere and only two of the five I checked are HTTPS:

    * http://www.sicpers.info/2017/05/literate-programming-with-libreoffice/
    * http://serviceteamit.co.uk/available-tools-making-dent-wannacry-encryption
    * https://www.stickee.co.uk/james-nestoruk-wins-bypy-technology-award/
    * https://www.kryogenix.org/days/2017/05/10/public-wall-murals/
    * http://www.brucelawson.co.uk/2017/working-for-wix/

    It is worth noting that you have posted in a WordPress.com forum which is separate from the WordPress open source software which has support forums available at https://wordpress.org/support/ that are run by the volunteer open source community.

    Of those, I checked https://www.stickee.co.uk/feed/ and found that it doesn’t have either the enhanced feed image links or the Gravatar image link. I also checked https://kryogenix.org/days/feed/ and found there were several HTTP references within the content which indicates that, in that site’s case, the site itself is not setup to avoid mixed content url references.

    Even from just checking on a couple specific examples, I can see that a number of different things could be causing you issues and I believe it would actually be much easier to relax the required condition that whatever code you are using to pull in content from other sources can handle mixed content because as you’ve already mentioned it would be quite limiting to ask every blog owner, or even hosting provider, to make adjustments to avoid mixed content all together.

  • rytestweb · Member ·

    Thanks for passing on these issues.

    I’m well aware of the difference between the open source wordpress project and wordpress.com – thanks. The feed validator you mentioned, does not seem to check the HTML for https errors in the content.

    The site obviously changes from day to day, right now in the browser console, there 3 mixed content warnings, 2 are on the feeds.wordpress.com domain and the other is on badvoltage.org domain (referenced from the kryogenix feed).

    As far as I am aware there is no way to alter the fetching method to avoid these issues, other than rendering the page as http:// only, which I’m hoping to move away from.

  • designsimply · Member ·

    I’m well aware of the difference between the open source wordpress project and wordpress.com – thanks.

    Okay! Keep in mind this forum is for WordPress.com and I’ve filed issues for WordPress.com.

    I haven’t seen this problem reported by others. Because of that and because the feed does validate according to an online validator (perhaps consider HTTP in HTTPS separate from that), it may take time for the issues to be reviewed!

    As far as I am aware there is no way to alter the fetching method to avoid these issues, other than rendering the page as http:// only, which I’m hoping to move away from.

    It may not be something you can avoid since there are so many different implementations of WordPress separate from WordPress.com and many of them may not be configured to keep their HTTPS feeds HTTP-reference-free.

  • The topic ‘HTTPS broken on RSS’ is closed to new replies.