ARTICLE AD BOX
If you’ve tried everything and the Lightbox still doesn’t open, you may be facing a mixed content issue.
How to Check
Open your site.
Open DevTools (F12).
Go to the Network tab.
Search for custom-lightbox.min.css.
Check whether:
It’s being loaded via http://
It’s blocked due to mixed content
If so, the issue is not Elementor itself — it’s the browser’s security policy.
Fix Without Modifying the Database
Instead of manually updating URLs in the database or editing generated files, I implemented a simple solution using a Content Security Policy (CSP) directive.
I injected the following meta tag into the <head>:
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">This tells the browser to automatically upgrade insecure (http://) subresource requests to https:// whenever possible.
Minimal Plugin Implementation
Here is the plugin I used:
<?php /** * Plugin Name: Inject CSP Upgrade Insecure Requests * Description: Adds meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests" to the HTML head. * Version: 1.0.0 * Author: Bruno Lançoni */ if (!defined('ABSPATH')) { exit; } function inject_csp_upgrade_insecure_requests_meta_tag(): void { echo "\n" . '<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">' . "\n"; } // Front-end pages. add_action('wp_head', 'inject_csp_upgrade_insecure_requests_meta_tag', 0); // Login page (wp-login.php). add_action('login_head', 'inject_csp_upgrade_insecure_requests_meta_tag', 0); // Admin pages (wp-admin). add_action('admin_head', 'inject_csp_upgrade_insecure_requests_meta_tag', 0);Instructs the browser to attempt upgrading insecure HTTP requests to HTTPS.
Does not modify the database.
Does not change server-level HTTP headers.
Does not permanently fix stored URLs.
Limitations
If the resource does not exist over HTTPS, it will still fail.
This is a client-side mitigation, not a permanent URL correction.
The proper long-term fix is to ensure all stored URLs use HTTPS.
