Open lucaju opened 4 years ago
This seems to happen when there is a call to an HTTP resource from within the document. In this specific case, there are two calls for images, one of which is http://cwrc.ca/templates/images/book1.gif. The image is embedded in the document but I couldn't find the reference to it. @ilovan, any idea?
Don't know how to prevent that behaviour either. @ajmacdonald, any idea?
The images are referenced in the CSS with HTTP URLs. Not a problem in the long run for Orlando documents, but we should make note of it if the problem occurs with other schema-CSS pairs.
It's the same when the image is referenced in the pb element (for side-by-side display); see https://cwrc-writer.cwrc.ca/?githubPath=document.xml&githubRepo=ilovan%2FT.S.-Eliot---Old-Possum-s-Book-of-Practical-Cats-first-three-poems-
It might be worthwhile if you guys investigate it further, if there are security concerns for the users.
So this is an example of mixed content. The fix is to specify HTTPS URLs instead of HTTP. I don't think there's much else that can be done about this.
Given that images could be put in a GitHub repo if nowhere else, then this isn’t insurmountable, is it? But it will need to be well documented.
(If I’m not understanding the situation well enough then don’t take a ton of time explaining—I don’t want to mess up the channels of communication.)
On Apr 15, 2020, at 1:20 PM, Andrew notifications@github.com wrote:
So this is an example of mixed content https://developers.google.com/web/fundamentals/security/prevent-mixed-content/what-is-mixed-content. The fix is to specify HTTPS URLs instead of HTTP. I don't think there's much else that can be done about this.
Found another source of HTTPS security breach: when using lookups, there are requests to preview the entity directly in the source page. For instance, when mousing over a DBPedia entity.
@ilovan Can you update the link of these images on the CSS? Instead of HTTP use HTTPS.
e.g.: http://cwrc.ca/templates/images/book1.gif -> https://cwrc.ca/templates/images/book1.gif
Check if there are other images with the same issue.
These are in the Orlando CSS file. I wonder if other CSSs also have images with http.
@ilovan If you find any other http please replace it with https
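One way to run the check requested above across a stylesheet, as an added example (not code from this thread or from the CWRC project). The sample CSS is constructed apart from the `book1.gif` URL quoted in the thread, and the function names `findInsecureRefs` and `upgradeToHttps` and the hand-verified host allowlist are assumptions of the example.

```javascript
// Added example: audit CSS text for mixed-content (http://) subresource references.
// SAMPLE_CSS is constructed; only the book1.gif URL is taken from the thread.
const SAMPLE_CSS = `
/* legacy: url(http://example.org/ignored.gif) */
title::before { content: url(http://cwrc.ca/templates/images/book1.gif); }
pb { background: url("https://example.org/ok.png"); }
note { background: url( 'HTTP://example.org/icons/note.gif' ); }
@import "http://example.net/extra.css";
p { background: url(data:image/gif;base64,AAAA); }
`;

// Matches url(...) with or without quotes, and the @import "..." string form.
const URL_REF = /url\(\s*(['"]?)([^'")]*?)\1\s*\)|@import\s+(['"])([^'"]+)\3/gi;
const isHttp = (ref) => /^http:\/\//i.test(ref);

// Returns [{ line, url }] for every insecure reference outside CSS comments.
function findInsecureRefs(css) {
  // Blank out comments but keep newlines so reported line numbers stay correct.
  const live = css.replace(/\/\*[\s\S]*?\*\//g, (c) => c.replace(/[^\n]/g, ' '));
  const hits = [];
  for (const m of live.matchAll(URL_REF)) {
    const ref = (m[2] ?? m[4]).trim();
    if (isHttp(ref)) {
      hits.push({ line: live.slice(0, m.index).split('\n').length, url: ref });
    }
  }
  return hits;
}

// Rewrites http:// to https:// only for hosts the caller has confirmed serve
// the same resource over HTTPS (assumption: the allowlist is verified by hand).
function upgradeToHttps(css, verifiedHosts) {
  const allow = new Set(verifiedHosts.map((h) => h.toLowerCase()));
  return css.replace(URL_REF, (match, _q, ref, _q2, imp) => {
    const target = (ref ?? imp).trim();
    if (!isHttp(target)) return match;
    let host;
    try { host = new URL(target).hostname.toLowerCase(); } catch { return match; }
    return allow.has(host) ? match.replace(/http:\/\//i, 'https://') : match;
  });
}

console.log(findInsecureRefs(SAMPLE_CSS));
console.log(findInsecureRefs(upgradeToHttps(SAMPLE_CSS, ['cwrc.ca'])));
```

References left in the second report are hosts that still need an HTTPS check or a new home for the image before the stylesheet stops triggering mixed-content warnings.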
Secured connection (https) is gone when using a permalink.
Example: https://dev-cwrc-writer.cwrc.ca/?githubPath=issues%2FCWRC-WriterBase%2F253&githubRepo=ilovan%2FGit-Writer-tests
This might have something to do with Traefik's routers configuration.