Title: Breaks SSL with static HTTP include
Last modified: September 3, 2016

---

# Breaks SSL with static HTTP include

 *  [Eli](https://wordpress.org/support/users/scheeeli/)
 * (@scheeeli)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/breaks-ssl-with-static-http-include/)
 * In workbox-video-from-vimeo-youtube-plugin/workbox_video.php there is a line 
   of PHP that enqueues jQuery externally from ajax.googleapis.com with a static
   unsecured (HTTP) URL.
    `wp_enqueue_script('jquery', '//ajax.googleapis.com/ajax/
   libs/jquery/1.7.2/jquery.min.js');`
 * I’m not sure that it’s the best practice to include external jQuery libraries
   when WordPress already include the core jQuery files internally. Regardless, 
   this link breaks the SSL certificate on my site because of a “Mixed Content” 
   error. I fixed this by simply removing the “http:” from the link so that it will
   dynamically switch from HTTP to HTTPS depending on the URL used to render my 
   site. This may not be the most comprehensive solution, and it is still loading
   this resource externally when an internal reference might be smarter, but this
   was my quick fix:
    `wp_enqueue_script('jquery', '//ajax.googleapis.com/ajax/libs/
   jquery/1.7.2/jquery.min.js');`
 * Please fix this in the next release so that I can download your updates without
   breaking my site again!
 * Thanks.
 * P.S. More stars are awaiting your positive response and resolution 😉

Viewing 5 replies - 1 through 5 (of 5 total)

 *  Thread Starter [Eli](https://wordpress.org/support/users/scheeeli/)
 * (@scheeeli)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/breaks-ssl-with-static-http-include/#post-8018998)
 * Sorry, just noticed my typo, your code was actually:
    `wp_enqueue_script('jquery','
   http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js');`
 * My fix was to take the “http:” out so that it would work with SSL:
    `wp_enqueue_script('
   jquery', '//ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js');`
 *  [John](https://wordpress.org/support/users/kcrnc/)
 * (@kcrnc)
 * [10 years, 6 months ago](https://wordpress.org/support/topic/breaks-ssl-with-static-http-include/#post-8019008)
 * Yeah just noticed this after it broke one of my sites. Opened a bug on the forums,
   hopefully he will fix.
 * All around wrong…forcing a different non-standard version of jquery is taking
   on the responsibility that it will not break wordpress or other plugins expecting
   wordpress’s version.
 * Plus it rather nicely breaks SSL sites.
 *  Plugin Author [Workbox](https://wordpress.org/support/users/workbox/)
 * (@workbox)
 * [10 years, 3 months ago](https://wordpress.org/support/topic/breaks-ssl-with-static-http-include/#post-8019011)
 * Eli, John, we fixed this. Please try it out!
 *  Thread Starter [Eli](https://wordpress.org/support/users/scheeeli/)
 * (@scheeeli)
 * [10 years, 3 months ago](https://wordpress.org/support/topic/breaks-ssl-with-static-http-include/#post-8019012)
 * Thanks for fixing the issue I originally reported 4 months ago but I am not using
   the plugin any more.
 * I checked out your new code (it’s a little strange that you don’t keep the old
   versions in the svn repo) anyway, I see you are using wp_enqueue_script to include
   the stock version of jquery without any custom source URL, that’s good, but I
   also noticed that your iframe code still has the same problem with breaking SSL
   certs on a secure site because you are using static ‘[http://&#8217](http://&#8217);
   link to vimeo and youtube in the src.
 * I mentioned before that you could use ‘//’ to start your links to either http
   or https dynamically. So, for example your could change your vimeo iframe code
   to this and it would work on secure and insecure sites:
    $saveArray [‘code’] 
   = ‘<iframe src=”//player.vimeo.com/video/’ . $vimeo_key [0] . ‘?title=0&byline
   =0&portrait=0&color=6fde9f” width=”‘ . $width . ‘” height=”‘ . $height . ‘” frameborder
   =”0″ webkitAllowFullScreen mozallowfullscreen allowFullScreen></iframe>’;
 *  Plugin Author [Workbox](https://wordpress.org/support/users/workbox/)
 * (@workbox)
 * [10 years, 1 month ago](https://wordpress.org/support/topic/breaks-ssl-with-static-http-include/#post-8019013)
 * Hi Eli, thanks again for your note! We fixed this in the new version of the plugin!
   Please let us know if you have any questions!

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Breaks SSL with static HTTP include’ is closed to new replies.

 * ![](https://s.w.org/plugins/geopattern-icon/workbox-video-from-vimeo-youtube-
   plugin.svg)
 * [Workbox Video from Vimeo & Youtube Plugin](https://wordpress.org/plugins/workbox-video-from-vimeo-youtube-plugin/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/workbox-video-from-vimeo-youtube-plugin/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/workbox-video-from-vimeo-youtube-plugin/)
 * [Active Topics](https://wordpress.org/support/plugin/workbox-video-from-vimeo-youtube-plugin/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/workbox-video-from-vimeo-youtube-plugin/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/workbox-video-from-vimeo-youtube-plugin/reviews/)

 * 6 replies
 * 4 participants
 * Last reply from: [sheblogs2016](https://wordpress.org/support/users/sheblogs2016/)
 * Last activity: [9 years, 9 months ago](https://wordpress.org/support/topic/breaks-ssl-with-static-http-include/#post-8019014)