I am going to test this issue thoroughly, however I now think this is the root cause:
https://github.com/modxcms/revolution/issues/6034
Something smelled familiar when looking through the repo issues, and I'm frankly shocked it was closed with little serious discussion.
Please skip down to this post to see the issue in a very simple context:
https://forums.modx.com/thread/101921/https-access-to-a-http-site-builds-absolute-https-links-for-internal-resource-links-and-caches-them-is-this-a-known-issue#dis-post-549533
I am working on a MODX 2.3.3 site trying to solve a very odd issue
assumed to be with the internal URL creation.
I have a reference to the site_url uncached for the base href. If I access the site via HTTPS the site_url shows as https, pretty much expected.
The issue is if someone accidentally accesses the site via HTTPS, MODX seems to cache some of the relative links as https; meaning there is a situation where the site is being accessed via HTTP, but some of the internal links on the page are absolute https, and following them results in cert warnings. Basically, an erroneous https link to the site can cause other users to be served https pages.
This doesn't affect wayfinder links, presumably because they are all uncached?
Is this a configuration issue? Are resource links supposed to be cached? Any idea on how to rectify this easily?
IF this is an internal link building issue, would setting the default scheme (link_tag_scheme) to 0 be the solution? Are there any downsides to this besides locking down the site to http only?
Any other theories on causes would also be welcome. Investigating it has proven nearly impossible. One thing to note is that I have had reports that some people arrive on the site via the address bar, first time visitors, and also get served via https, which might contradict the URL scheme theory.
[ed. note: johnnyp last edited this post 7 years, 1 month ago.]