Mibew / mibew

Mibew Messenger - open-source live support application
https://mibew.org
Other
472 stars 204 forks source link

Popup returns loadStyleSheet callback without https #192

Closed snewell92 closed 7 years ago

snewell92 commented 7 years ago

The callback Mibew.Utils.loadStyleSheet does not respect SSL settings on the settings and returns an http url. This is used to load iframe.css, which will be disallowed on browsers with strict security settings.

The /chat/style/popup route should return an appropriately formed URL, so I expected the URL Generator to return an https url when SSL is turned on, but it returned http instead.

Current work around is to hackity hack the popup.js, so that any calls made into loadStyleSheet get checked with this code:

t=t.substring(0,5)=="https"?t:"https"+t.substring(4);

before the return statement

Please let me know if I have missed something, thanks for reading!

playcraft1 commented 7 years ago

If you're running Mibew under the previous said environment (#191), then it's most likely not an issue when #188 is implemented. This is not an issue for me with that fix.

snewell92 commented 7 years ago

I believe you are correct @playcraft1

faf commented 7 years ago

We need confirmation that #194 has fixed this.

snewell92 commented 7 years ago

Will confirm on 3/15 (Wednesday). This is looking good so I'll close this issue (as I am satisfied), but will reopen if issue persists.

Thanks!!