One of Netlify's DNS servers is returning a 301 redirect to HTTP which is causing browsers to block my script due to mixed content

Site: https://ikeono-widget.netlify.app/ikwshim.js

For some reason when a request is made there is one server that is doing a 301 redirect to an HTTP version of my site which is causing Chrome/Firefox to block the script due to mixed content. I understand that the redirect includes the HSTS header which forces HTTPS, but this is not working.

Notes:

  • I am making all requests over HTTPS
  • This is a script to load an embed
  • I’ve confirmed with wget that sometimes the script loads with a proper HTTPS redirect, and other times it does not
  • I’ve tried adding my own redirect rule in netlify.toml to force a HTTPS redirect, however this does not work since the host lookup comes first
  • I am not using a custom domain
  • I first noticed this issue yesterday afternoon around 3PM EST
  • Attached image containing multiple images because this editor only allows one image. (please right click on image and view in new tab)
    1. Shows blocked content
    2. Shows Firefox network request with the invalid HTTP redirect
    3. 2x wget requests. One is expected behavior, the other is the bad HTTP. These requests were made within minutes of each other

Example wget request that shows the redirect to HTTPS (good)

➜ ~ wget https://ikeono-widget.netlify.com
--2021-04-28 14:25:45-- https://ikeono-widget.netlify.com/
Resolving ikeono-widget.netlify.com (ikeono-widget.netlify.com)... 161.35.60.200, 67.207.80.24
Connecting to ikeono-widget.netlify.com (ikeono-widget.netlify.com)|161.35.60.200|:443... connected.
**HTTP request sent, awaiting response... 301 Redirect**
:white_check_mark:**Location: https://ikeono-widget.netlify.app/ [following]**
--2021-04-28 14:25:45-- https://ikeono-widget.netlify.app/
Resolving ikeono-widget.netlify.app (ikeono-widget.netlify.app)... 52.73.153.209, 64.227.12.111
Connecting to ikeono-widget.netlify.app (ikeono-widget.netlify.app)|52.73.153.209|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 301 [text/html]
Saving to: ‘index.html.21’

Example wget request that shows the 301 redirect to HTTP (bad)

➜ ~ wget https://ikeono-widget.netlify.com

--2021-04-28 15:12:26-- https://ikeono-widget.netlify.com/
Resolving ikeono-widget.netlify.com (ikeono-widget.netlify.com)... 52.73.153.209, 157.245.242.152
Connecting to ikeono-widget.netlify.com (ikeono-widget.netlify.com)|52.73.153.209|:443... connected.
**HTTP request sent, awaiting response... 301 Moved Permanently**
:x:**Location: http://ikeono-widget.netlify.app/ [following]**
URL transformed to HTTPS due to an HSTS policy
--2021-04-28 15:12:26-- https://ikeono-widget.netlify.app/
Resolving ikeono-widget.netlify.app (ikeono-widget.netlify.app)... 52.73.87.228, 67.207.81.229
Connecting to ikeono-widget.netlify.app (ikeono-widget.netlify.app)|52.73.87.228|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 301 [text/html]
Saving to: ‘index.html.31’

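An added example (not part of the original posts): a small Python check that parses a wget transcript like the two above and reports every redirect answered over HTTPS whose Location points to plain HTTP, noting whether wget's HSTS handling then masked the downgrade. The sample log is constructed from the "bad" transcript in the post, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the "bad" wget transcript from the post, trimmed to the
# lines the parser reads (forum bold/emoji markup removed).
BAD_LOG = """\
--2021-04-28 15:12:26-- https://ikeono-widget.netlify.com/
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://ikeono-widget.netlify.app/ [following]
URL transformed to HTTPS due to an HSTS policy
--2021-04-28 15:12:26-- https://ikeono-widget.netlify.app/
HTTP request sent, awaiting response... 200 OK
"""

REQUEST = re.compile(r"--\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}--\s+(\S+)")
STATUS = re.compile(r"awaiting response\.\.\. (\d{3})")
LOCATION = re.compile(r"Location: (\S+)")

def parse_hops(log):
    """Return one dict per request wget made, in order."""
    hops = []
    for line in log.splitlines():
        if m := REQUEST.search(line):
            hops.append({"url": m.group(1), "status": None,
                         "location": None, "hsts_upgraded": False})
        elif not hops:
            continue  # ignore anything before the first request line
        elif m := STATUS.search(line):
            hops[-1]["status"] = int(m.group(1))
        elif m := LOCATION.search(line):
            hops[-1]["location"] = m.group(1)
        elif "due to an HSTS policy" in line:
            hops[-1]["hsts_upgraded"] = True  # wget rewrote http:// itself
    return hops

def find_downgrades(log):
    """List (request_url, location, hsts_upgraded) for HTTPS -> HTTP redirects."""
    findings = []
    for hop in parse_hops(log):
        if hop["location"] is None:
            continue
        src, dst = urlsplit(hop["url"]), urlsplit(hop["location"])
        if src.scheme == "https" and dst.scheme == "http":
            findings.append((hop["url"], hop["location"], hop["hsts_upgraded"]))
    return findings

if __name__ == "__main__":
    print(find_downgrades(BAD_LOG))
```

Run over transcripts collected in a loop, this separates the edge responses that return `http://` in Location from the ones that return `https://`, even when wget itself reports a final 200 OK.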

I am getting the exact same issue! I am iframing in content from my netlify site to another website but it seems to be giving me http instead of https and causing chrome to give a mixed content error and the iframe stays blank. It seems to be happening at random as sometimes I do not get the error. This seems to be happening to others who I have talked to as well. I am also not using a custom domain. I noticed this on Tuesday of this week.


Real quick, change the .com to .app for the website link you're calling to and see if that works for you. I just did with my iframes and it seems like it might work now.
