Dino

Reputation: 1457

Insecure content images and js over ssl using htaccess

I have the following htaccess file:

RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !ssl

....// lots of rewrite rules

RewriteCond %{SERVER_PORT} ^443$
RewriteCond $1 !^ssl
RewriteRule (.*) http://www.mydomain.com/$1 [R,L]
RewriteCond %{SERVER_PORT} ^80$
RewriteCond $1 ^ssl
RewriteRule (.*) https://www.mydomain.com/$1 [R,L]

Basically, when I load a secure page I get lots of insecure images and js being loaded. How can I modify my htaccess to get this content loading securely?

Note that the folders for the images and js are

/js 
/images

and secure content is served from /ssl

Thanks

Upvotes: 2

Views: 3809

Answers (3)

Dylan B

Reputation: 1012

Add this to your header section

<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">

This meta tag will automatically upgrade all http requests to https requests. However, your images must be available over https; otherwise, they will not be shown (ignored). This is the fastest way to fix mixed content in secured pages.

Upvotes: 5

undone

Reputation: 7888

When you're browsing a secure web page that contains non-secure content, as in this case (e.g. an image), browsers DO NOT send the referrer header, so there is no server-side solution to find out whether this is requested from a secure web page or not.
You have to use relative paths for those files to be served securely!

Upvotes: 2

Gerben

Reputation: 16825

You can prevent the redirect for the images and js folders by putting this at the top of your htaccess:

RewriteRule ^(js|images)/ - [L]

Also make sure you only use relative or root-relative (or protocol-relative) URLs for referencing images and JavaScript files.

Upvotes: 1
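
A simplified Python model of the question's two redirect rules, with and without the pass-through rule from the answer above, added here as an example (it is not code from any of the posts). It models only the port and `ssl` prefix conditions shown in the question; the function names and sample paths are constructed.

```python
import re

HOST = "www.mydomain.com"  # host used in the question's rules

# Pass-through rule from the answer above: RewriteRule ^(js|images)/ - [L]
PASS_THROUGH = re.compile(r"^(js|images)/")


def evaluate(port, path, with_pass_through=False):
    """Return the redirect target for a request, or None if served as-is.

    Simplified model (an assumption of this example): only the two
    redirect rules shown in the question are evaluated, and `path` is
    the per-directory form .htaccess patterns see (no leading slash).
    """
    if with_pass_through and PASS_THROUGH.search(path):
        return None  # "-" = no substitution, [L] = stop processing rules
    under_ssl = path.startswith("ssl")  # RewriteCond $1 ^ssl
    if port == 443 and not under_ssl:
        return f"http://{HOST}/{path}"   # HTTPS request bounced to HTTP
    if port == 80 and under_ssl:
        return f"https://{HOST}/{path}"  # HTTP request bounced to HTTPS
    return None


def downgraded(paths, with_pass_through=False):
    """Paths that, requested over HTTPS (port 443), get redirected to http://."""
    out = []
    for p in paths:
        target = evaluate(443, p, with_pass_through)
        if target is not None and target.startswith("http://"):
            out.append(p)
    return out


# Constructed sample: subresources a page under /ssl might reference.
SAMPLE = ["js/app.js", "images/logo.png", "ssl/checkout.php", "about.html"]

if __name__ == "__main__":
    print("before:", downgraded(SAMPLE))
    print("after: ", downgraded(SAMPLE, with_pass_through=True))
```

In this model the pass-through rule leaves `js/` and `images/` on whichever scheme they were requested with, so the page still has to reference them with relative, root-relative or https URLs.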
