Mixed content block: keep your radio stream and podcasts working after Chrome 79
We will here discuss about an important update so, please, read it carefully.
Please note that is that THIS IS NOT A THEME ISSUE, is simply a security improvement of Chrome to make sure that any content from an https website is loaded using https. So, as 90% of the streaming provider don’t offer an https access yet, your radio station may be involved, meaning the music can stop playing.
Even though this is not our theme’s problem, nor we can edit our themes to bypass it, we are offering some explanation and alternative options to make sure your listeners can stay connected.
What is mixed content?
Mixed content is when your site uses https, but your radio stream, songs, images or other media are loaded in http. In this case, the content loaded over http may soon be blocked, or may require a notification acceptance to work.
No update of our theme can possibly override this block, as the block happens directly between the browser and your streaming provider. But there are different actions you can take to make sure your visitors can listen to the music properly.
First of all, please consider that nowadays about 90% of the streaming providers do not have an https version (yes, lame, but it seems most of the radio providers are stuck in the 2000s), so you have a very high change to be involved.
To know if your site has this problem, please go to your website’s homepage, play the music and open the Javascript Console (open the Developer Tools and click on Console).
If your website is involved if you see a message like this:
Mixed Content: The page at 'https://somewebsite.com/' was loaded over HTTPS, but requested an insecure audio file 'http://123.123.123:8000/stream.mp3'. This content should also be served over HTTPS.
This message means that the stream may still be working, but may stop soon (or even today as we detected on some browsers and devices!).
If you want your radio to keep on working, there are many things you can do.
We will now explain the alternative options and highlight pro and cons of each.
What to do:
- BEST OPTION: go for an https radio provider. Start by asking your provider if they already have https access, or if they’ll implement it soon, and if they aren’t offering this option, you may want to switch to an https provider. The most widely used are https://shoutca.st and https://radio.co but there are a tons more.
- ALTERNATIVE OPTION: create a relay. Switching to a new streaming provider can be a though job, so, remember you have a quick and cheap option: using streaming relay. Streaming relay is basically when you send the stream to another provider, so you send your http stream to a provider as shoutca.st offering https access, in this way, you’ll create a new URL where people can listen to your original stream via HTTPS, and this URL can be replaced to the original one in your website settings, to override the mixed content block. Is like creating a mirror, takes a couple of minutes, and doesn’t involve migrating audio contents and streaming settings.
- FAST AND CHEAP OPTION: put your site in http. Is quick, is free and works. To do that, go to Settings > General and modify the URL of your site and homepage replacing https with http. This will intantly solve the issue, but remember that your site’s connection won’t be encrypted, so is not the ideal for sites with forms or ecommerce. If you want to go for this solution and still keep your shop, you may wanna split the site shop part in a subdirectory, set it with https, and leave the root site without the shop in http.
Other contents, songs, images:
As this update involves every media of your website, including static images and mp3 files, if you switched to https after loading content, you may be still affected by the issue for your old media.
How to fix it: first of all, backup your database. Then, install a plugin called “Better search and replace” and replace the whole URL of your site with the https version (replace for instance http://yoursite.com with https://yoursite.com ).
More info
Official Chrome message
https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
A clear article explaining the update
https://blogaid.net/chrome-to-block-https-with-mixed-content-starting-december-2019/