We recently spotted an issue on a client’s WordPress site where the page was loading but without any styling. Subsequent troubleshooting revealed that this was only happening in Chrome. More specifically, it was only happening on Chrome on Mac OSX.
Looking at the source code, we could see a load of resources (CSS, Javascript files etc..) being included on HTTPS (secure) links instead of HTTP. Really weird right? This wasn’t happening in other browsers. Fully clearing the browser cache didn’t help. Previously the site had been working fine… so what was going on?!
Time for a Google search! There’s an element of irony right there: turning to Google for help with an issue that turned out to be a Google bug itself.
Here’s what we found:
- Issue 505268: Forcing WordPress sites to use https even when not directed
- Chrome 44 Sending HTTPs Header By Mistake, Breaking (Some) Web Applications
In summary, the issue was as follows:
It’s now sending the
HTTPS: 1header on every request by default. This was probably meant as a security improvement, to suggest HTTPs to the server wherever possible, but it’s breaking WordPress and other webserver installations all over the place. (source)
In practice then, if a website had an SSL certificate installed and HTTPS worked without any security issues, then the broken page issue experienced above would not have happened.
I will resist the urge to assert that this was a deliberate bug, designed to wake up 1000s of website owners who haven’t yet had SSL installed on their servers. A compassionate and altruistic organisation such as Google would never do that… (!)
Will we see a boom in sales of SSL certificates in the coming weeks though? You bet!
We are convinced that SSL certificates are an essential requirement on all websites, are you? To find out more contact us.
The post Google Chrome HTTPS fail… but we still love you appeared first on BeSeen.