If you’re managing an OJS (Open Journal Systems) installation and facing Mixed Content errors, you’re not alone. This issue occurs when a web page is loaded over HTTPS, but some resources (images, stylesheets, or scripts) are being served over HTTP. This not only affects the security of your site but may also prevent some content from loading correctly. Here are three methods I’ve successfully used to solve this issue:

Method 1: Modify the .htaccess File

One of the simplest solutions is to modify your .htaccess file. In some cases, Gzip compression may interfere with how your content is served, especially when handling mixed content issues. By adding the following line to your .htaccess file, you can disable Gzip compression and potentially resolve the error:

SetEnv no-gzip 1

This directive disables Gzip compression on your server, which may be necessary for certain types of content. Gzip compression is typically used to reduce the size of your web pages and improve load times. However, in some cases, disabling it can help solve mixed content errors.

Method 2: Ensure Consistent URL Protocols

Mixed content errors often arise when resources (such as images, styles, or JavaScript files) are served over HTTP instead of HTTPS. To avoid this, you need to ensure that all URLs on your site, including image links and file paths, use the HTTPS protocol consistently.

• Manually update URLs: If you’re experiencing mixed content issues, inspect your web pages and manually update any URLs that are still using HTTP. This step is essential when moving a site from HTTP to HTTPS.
• Force HTTPS on all URLs: You can also configure your server to automatically redirect all HTTP requests to HTTPS. However, it’s critical to ensure that all URLs across the site are correctly updated to prevent errors.

Method 3: Modify OJS Core Files

For more advanced users, a potential solution involves making changes to the OJS core files. The exact method may vary depending on your OJS version, but one file you can look into is:

lib/pkp/classes/core/PKPRequest.inc.php

In some cases, enabling force_ssl in the OJS settings can cause issues with how the site handles requests, particularly if the server isn’t fully configured to redirect HTTP requests to HTTPS. Here’s a change I’ve implemented successfully:

/**
 * Get the protocol used for the request (HTTP or HTTPS).
 * @return string
 */
function getProtocol() {
    if (!isset($this->_protocol)) {
        $this->_protocol = (!isset($_SERVER['HTTPS']) || strtolower_codesafe($_SERVER['HTTPS']) != 'on') ? 'http' : 'https';
        HookRegistry::call('Request::getProtocol', array(&$this->_protocol));
    }
    return $this->_protocol;
}

I changed the conditional logic to ensure that both the HTTP and HTTPS conditions would consistently resolve to HTTPS. Keep in mind that modifying core files can affect future updates, so always test these changes in a development environment first.

Need Help?

Mixed content errors can be frustrating, especially if you’re not familiar with server configurations and OJS file structures. If you’re looking for expert help to resolve this issue or need assistance with other OJS-related challenges, feel free to contact us. Our team is here to help you with personalized solutions tailored to your specific needs!