It looks from the error that there is a redirect that is http along the way. I’d start by checking that the URLs saved in WP Admin > Settings > General > WordPress Address (URL) and Site Address (URL) are both are saved as https.
Next, I’d open the browser console’s “Network” tab and attempt to download the PDF to see what URLs are called along the way. Let me know what you find.
Best,
-David
We encoutered the same issue.
Somewhere in the process the URL is redirected a couple of times.
We solved the problem (for now) by editing /wp-content/plugins/buddypress-docs/includes/templatetags.php:2203
We fixed the attachment URL:
$markup = sprintf(
'<li id="doc-attachment-%d"><span class="doc-attachment-mime-icon doc-attachment-mime-%s"></span><a href="%s" title="%s">%s</a>%s</li>',
$attachment_id,
$attachment_ext,
// $att_url,
sprintf( "%s?bp-attachment=%s", $doc_url, $att_base ),
esc_attr( $att_base ),
esc_html( $att_base ),
$attachment_delete_html
);
I know this is not the correct way to do it, but we needed it to work quickly.
Please update the plugin.
Hi @mikemadern,
Thanks for your message. Can you share the redirect chain from your browser console’s network pane when you are using the plugin code before your modification?
Thanks!
-David
Hi @dcavins,
I used httpstatus.io to figure out the redirects.
Status Code, Scheme, Host, Path
301, https://, extranet.leefbaarheidsteamermelo.nl, /wp-content/uploads/bp-attachments/1753/Notulen-12-januari-2021.docx
301, http://, extranet.leefbaarheidsteamermelo.nl, /?p=1753&bp-attachment=Notulen-12-januari-2021.docx
301, https://, extranet.leefbaarheidsteamermelo.nl, /?p=1753&bp-attachment=Notulen-12-januari-2021.docx
302, https://, extranet.leefbaarheidsteamermelo.nl, /documenten/notulen-dinsdag-12-januari/?bp-attachment=Notulen-12-januari-2021.docx
200, https://, extranet.leefbaarheidsteamermelo.nl, /wp-login.php?redirect_to=https%3A%2F%2Fextranet.leefbaarheidsteamermelo.nl%2Fdocumenten%2Fnotulen-dinsdag-12-januari%2F%3Fbp-attachment%3DNotulen-12-januari-2021.docx
The first redirect, to ?p=%d&bp-attachment=%s is the one to HTTP.
– Edit
Good to let you know that when attachments are not private, the problem is not there.
– Mike
-
This reply was modified 5 years, 4 months ago by
Mike Madern.
Hi @mikemadern,
That’s very helpful. Can you check that your WP site settings specify the https:// prefix? The settings are at wp-admin > Settings > General > WordPress Address (URL) & Site Address (URL)
The url that is http:// in your chain is calculated by WP’s get_permalink() function which relies on home_url(). If you’ve set an http:// address for your settings, and are relying on htaccess redirects or similar to enforce https/SSL, you will see redirects like that.
Thanks!
Hi @dcavins,
The first thing I checked 😉 worth to be noticed that the URL’s had indeed a http:// prefix and we changed it to have https://.
The problem still existed after we updated the settings.
After that we did a Search and Replace, checked the .htaccess for unusual configuration, ran a check on configured redirects, reactivated the plugins.
But no results so far.
-M
We are also having the same problem.
Works on Edge, not in Chrome.
Thanks
Here is the (correct) behavior I’m seeing, using Apache in an https environment. Let’s Encrypt is providing the SSL certificate, and all traffic is forced to https via an htaccess rule. This works for me in Chrome-family browsers and Firefox.
Using the attachment URL provided by BP Docs (most common–caused by clicking on the attachment link from the docs directory or single doc “Read” view):
200 https://site-name.com/docs/{doc-name}/?bp-attachment=file_name.pdf
Results in the file being downloaded.
Request directly to the media item (should be rare):
302 https://site-name.com/wp-content/uploads/bp-attachments/{doc_id}/file_name.pdf. (This is the redirect that the file protection htaccess rule enforces.)
200 https://site-name.com/docs/{doc-name}/?bp-attachment=file_name.pdf
Results in the file being downloaded.
If I purposely use http (not https) in a direct link (should be really rare—accidental, only, really):
302 http://site-name.com/wp-content/uploads/bp-attachments/{doc_id}/file_name.pdf. (This is the redirect that the file protection htaccess rule enforces.)
301 http://site-name.com/docs/{doc-name}/?bp-attachment=file_name.pdf
(This is a 301 because I have redirects set up in Apache so that all traffic to the site is forced over to https)
200 https://site-name.com/docs/{doc-name}/?bp-attachment=file_name.pdf
Results in the file being downloaded.
If this is not the redirect flow that you are seeing, you may need to adjust the configuration of your server.
