Kirby inserting non-secure URLs after upgrade

I have been using Kirby in a docker container that was generated from a v3 release in early May of this year (don’t have confirmation of the precise version, but it was downloaded as part of building the docker container on May 4th). The site operates over HTTPS.

After re-generating the docker container today (with latest Kirby release) and running it, I am now getting mixed content errors as Kirby is inserting http rather than https URLs for linked items such as CSS/JS and page links.

Was there some change in the last few months to the way URLs are generated that might be causing this? A quick search through the release notes on GitHub didn’t highlight anything immediately.


AFAIK Kirby doesn’t force HTTPS. You have to config this on the webserver.

Thanks Bart. That’s the puzzling thing - I have HTTPS configured and am specifically connecting to the site via HTTPS in this instance. Yet Kirby continues to insert non-secure links into the templates with the upgraded version.

I do also have HSTS configured on apache inside my docker container. However, this does not avoid the browser taking issue with the non-secure links.

I even tried adding the following in my config.php file, noting some comments about this in other threads.

'ssl' => true

The ssl setting doesn’t exist anymore in Kirby 3.

To my knowledge, handling of URLs wasn’t changed in recent releases.

1 Like