[HTTPS] Editors' edit button does not work while in room

[diginc]

When editors click 'edit' on my instance, where I have a apache reverse proxy doing HTTPS, the ajax call seems to be over plain HTTP and it fails. If we goto the actual song page and click edit it works OK though (it calls through HTTPS on the song page).

#Chrome error: 
“Mixed Content: The page at ‘https://room.soundtrack.myinstance.com/‘ was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint ‘http://soundtrack.myinstance.com/tracks/56a66f42155363412a00bde3‘. This request has been blocked; the content must be served over HTTPS.”

# Firefox Error: 
Strict-Transport-Security: The connection to the site is untrustworthy, so the specified header was ignored.
Blocked loading mixed active content "http://soundtrack.myinstance.com/tracks/56a66f42155363412a00bde3"

[martindale]

Nice find. I should be able to resolve this quickly. Give me just a bit.

[diginc]

I realized after digging into the code a little bit that this was probably just been my instance not having the SAFE flag set in config.js. I changed that and it seems to have been working since.

On the plus side forced HTTPS with lets encrypt hasn't had any problems since getting the safe flag in.