This repository has been archived by the owner on Feb 23, 2019. It is now read-only.

Resources in minified CSS are served insecurely through CDN #552

Open
timsayshey opened this issue Jan 16, 2018 · 1 comment

timsayshey commented Jan 16, 2018

I've seen this issue mentioned other places with no answer so I'll try here :)

I am using W3 Total Cache to minify CSS and store it on S3. Everything works except the fonts referenced in the CSS because the URLs are not secure.

As you can see my main reference in the HTML is secure:

    <link rel="stylesheet" type="text/css" href="https://edex-wp-files.s3.amazonaws.com/wp-content/cache/minify/91a3c.css.gzip" media="all">

But the actual minified CSS file references are not secure:

    @font-face{font-family:'h5p';
    src:url('http://edex-wp-files.s3.amazonaws.com/wp-content/plugins/h5p/h5p-php-library/fonts/h5p-core-18.eot?cb8kvi');
    src:url('http://edex-wp-files.s3.amazonaws.com/wp-content/plugins/h5p/h5p-php-library/fonts/h5p-core-18.eot?cb8kvi#iefix') format('embedded-opentype'),
    url('http://edex-wp-files.s3.amazonaws.com/wp-content/plugins/h5p/h5p-php-library/fonts/h5p-core-18.ttf?cb8kvi') format('truetype'),
    url('http://edex-wp-files.s3.amazonaws.com/wp-content/plugins/h5p/h5p-php-library/fonts/h5p-core-18.woff?cb8kvi') format('woff'),
    url('http://edex-wp-files.s3.amazonaws.com/wp-content/plugins/h5p/h5p-php-library/fonts/h5p-core-18.svg?cb8kvi#h5p')
    ...

Browsers will not load the insecure files which breaks the page because the fonts won't load.

Please advise.

Thank you :)

timsayshey commented Jan 16, 2018

Crazy. I found the solution but it doesn't seem right. It seems like we have a bug.

Anyway, to fix it I removed *.ico;*.ttf;*.otf;*.woff;*.woff2;*.less from the File types to import field in the CDN options.

The files are still being imported to S3 and the URLs are actually correct and secure now.

¯\_(ツ)_/¯

Any insight would be appreciated and would probably help me sleep better at night knowing that I'm not relying on a bug to get my pages working.

Thanks!
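
A deploy-time check for the symptom described in this thread, as an added example that is not from W3 Total Cache or from the issue's author: it scans a minified stylesheet for `url()` and `@import` references that use plain `http://` and groups them by file extension, so the result can be compared against the CDN's file type list. The sample CSS and the `cdn.example.com` host are constructed.

```python
import posixpath
import re

# url(...) tokens (quoted or bare) and string-form @import rules.
_REF_RE = re.compile(
    r"""\burl\(\s*(?P<q>['"]?)(?P<url>.*?)(?P=q)\s*\)"""
    r"""|@import\s*(?P<q2>['"])(?P<imp>.*?)(?P=q2)""",
    re.IGNORECASE | re.DOTALL,
)

# Constructed sample modelled on a minified @font-face rule; not real site data.
SAMPLE_CSS = (
    "@font-face{font-family:'demo';"
    "src:url('http://cdn.example.com/fonts/demo.eot?v1');"
    "src:url('http://cdn.example.com/fonts/demo.eot?v1#iefix') format('embedded-opentype'),"
    "url(http://cdn.example.com/fonts/demo.woff?v1) format('woff'),"
    "url(\"https://cdn.example.com/fonts/demo.ttf\") format('truetype')}"
    ".logo{background:url(//cdn.example.com/img/logo.png)}"
    ".icon{background:url(data:image/png;base64,AAAA)}"
    ".rel{background:url(../img/bg.png)}"
)


def insecure_refs_by_ext(css):
    """Map file extension -> sorted unique http:// references found in css.

    Relative, protocol-relative (//host/...), https: and data: references are
    ignored: they inherit the stylesheet's scheme or are already safe.
    """
    found = {}
    for m in _REF_RE.finditer(css):
        ref = (m.group("url") or m.group("imp") or "").strip()
        if not ref.lower().startswith("http://"):
            continue
        # Drop fragment and query, then the host, before reading the extension.
        no_query = ref.split("#", 1)[0].split("?", 1)[0]
        path = no_query[len("http://"):].partition("/")[2]
        ext = posixpath.splitext(path)[1].lower() or "(none)"
        found.setdefault(ext, set()).add(ref)
    return {ext: sorted(urls) for ext, urls in sorted(found.items())}


if __name__ == "__main__":
    report = insecure_refs_by_ext(SAMPLE_CSS)
    for ext, urls in report.items():
        print(ext, len(urls), "insecure reference(s)")
        for u in urls:
            print("   ", u)
    raise SystemExit(1 if report else 0)  # non-zero exit fails a CI step
```
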

szepeviktor changed the title from "Minified CSS external CDN file references not secure" to "Resources in minified CSS are served insecurely through CDN" on Mar 3, 2018