Closed studio4 closed 6 years ago
Definitely agree with the move to https and had a problem with Google maps myself this afternoon.
For OSM, it looks to me like you can supply the url you want as an option rather than having to change the library code. See the url option at http://dev.openlayers.org/docs/files/OpenLayers/Layer/OSM-js.html. There is also a protocol option for Bing maps (http://dev.openlayers.org/docs/files/OpenLayers/Layer/Bing-js.html). Not seeing anything about Google just now.
Hi Jim,
You'll know better than me what's involved in migrating over to https, I hadn't realised there was also documentation to update. Using the url option is a good workaround for now but I wonder if it might be an option to add this to change to a roadmap as I think the default should perhaps be to request images over SSL.
Many thanks Andy
In the shorter term I see that changes to the way we call OpenLayers could use the available options to default to https.
In the longer term it would be great to move to the latest OpenLayers version (4.2 as of today) I see it uses https by default for OSM (http://openlayers.org/en/latest/apidoc/ol.source.OSM.html). This would be a pretty big undertaking though.
I was just wondering how iRecord gets Google Maps by https. I see the site I was working on earlier has an out of date version of the client_helpers. The Google Maps script resource is defined with the code
$protocol = empty($_SERVER['HTTPS']) || $_SERVER['HTTPS']==='off' ? 'http' : 'https';
...
'googlemaps' => array('javascript' => array("$protocol://maps.google.com/maps/api/js?v=3" .
(empty(self::$google_maps_api_key) ? '' : '&key=' . self::$google_maps_api_key))),
@JimBacon Are you planning on implementing the changes to the way we load the OSM layers? Let me know if you'd prefer I tackle it.
I can't make time to work on this currently.
You could handle this from within jquery.indiciaMapPanel:
osm_thunder : function () {return new OpenLayers.Layer.OSM("Topografie", [
"https://a.tile.thunderforest.com/landscape/${z}/${x}/${y}.png",
"https://b.tile.thunderforest.com/landscape/${z}/${x}/${y}.png",
"https://c.tile.thunderforest.com/landscape/${z}/${x}/${y}.png"] ....
So there is no need to change OpenLayers.js
I've switched to https on the standard OSM tile layer rather than the thunderforest one as the latter requires a map key (though is very nice).
Can I suggest that /media/js/OpenLayers.js be updated to reference secure map tiles e.g.
url:['http://a.tile.openstreetmap.org/${z}/${x}/${y}.png','http://b.tile.openstreetmap.org/${z}/${x}/${y}.png','http://c.tile.openstreetmap.org/${z}/${x}/${y}.png']
be updated to
url:['https://a.tile.openstreetmap.org/${z}/${x}/${y}.png','https://b.tile.openstreetmap.org/${z}/${x}/${y}.png','https://c.tile.openstreetmap.org/${z}/${x}/${y}.png']
This applies to all map tiles referenced by http.
All major browsers warn of mixed content and there is a drive to serve all content over SSL connections as part of the secure web helped significantly with the rise of 'free' SSL providers like Lets Encrypt.
I think this should be a relatively simple change and it is backwards compatible with sites served over http.
Hope this makes sense.