Following Eric’s instructions, I switched paulschreiber.com to https.
I then had to get rid of the pesky mixed-content warnings. Most were pretty straightforward — I had a few JavaScript files and images that used absolute URLs and HTTP; I switched them to use HTTPS.
However, my flickr badge presented a problem. (It’s bothering some other people too.) While it was easy enough to swap out the <script> tag:
<script src="http://www.flickr.com/badge_code_v2.gne? count=5&display=latest&size=s&layout=h&source=user&user=37996608105%40N01" type="text/javascript"></script>
for the https version:
<script src="https://www.flickr.com/badge_code_v2.gne? count=5&display=latest&size=s&layout=h&source=user&user=37996608105%40N01" type="text/javascript"></script>
that wasn’t enough. It only changes the thumbnails, not the tracking pixel, which still points at:
<img src="http://geo.yahoo.com/p?s=792600102&t=67f50b8889e85d80a3ed5894813da604&fl_ev=0&lang=en&intl=us" width="0" height="0" alt="" />
Fortunately, geo.yahoo.com responds to HTTPS requests. I wrote a thin wrapper around this, replacing the call to flickr.com with a call to a local file:
<script src="/wp-content/themes/paul2/flickrbadge.php? count=5&display=latest&size=s&layout=h&source=user&user=3799 6608105%40N01" type="text/javascript"></script>
flickrbadge.php is a tiny script:
<?php print str_replace("http://geo.yahoo.com", "https://geo.yahoo.com", file_get_contents("https://www.flickr.com/badge_code_v2.gne?" . $_SERVER["QUERY_STRING"])); ?>
Thanks. Helps a lot on time. Fix my personal page to render the Flickr badge over HTTPS