gohugoio / hugoThemes

A curated directory of Hugo themes
https://themes.gohugo.io/
MIT License

Insecure mixed content on the Hugo Themes website #532

Closed. onedrawingperday closed 5 years ago

onedrawingperday commented 5 years ago

This is an issue that I am assigning to myself about mixed content on the Hugo website. I will be opening issues to notify the various theme authors about insecure assets in their demos.

Here is a tentative list from the Netlify deploy log:

In hugo-goa/index.html:

Insecure img urls:
    http://i.imgur.com/vqMd1Mx.png
    http://i.imgur.com/dfj8MHz.png
    http://i.imgur.com/mMFfkZY.png
    http://i.imgur.com/7e67ypn.png
    http://i.imgur.com/lz3RGH9.png
    http://i.imgur.com/IPggNGk.png
    http://i.imgur.com/FW1Bdln.png
    http://i.imgur.com/vTY5GeX.png
    http://i.imgur.com/aJZQYZ6.png
    http://i.imgur.com/rGQJAF3.png

In hugo-pacman-theme/index.html:

Insecure img urls:
    http://7xlx3k.com1.z0.glb.clouddn.com/hugo-pacman-theme.png

In minimage/index.html:

Insecure img urls:
    http://img.shields.io/badge/license-MIT-blue.svg?style=flat

In purehugo/index.html:

Insecure img urls:
    http://i.imgur.com/Dsj41Rz.png

In strange-case/index.html:

Insecure img urls:
    http://i.imgur.com/i7aarpG.png
    http://i.imgur.com/oLjV8LV.png

Note: The Strange Case theme looks unmaintained. I very much doubt that I will get a response as there are unresolved issues that should have been addressed a long time ago. See: https://github.com/ExchangeRate-API/strange-case/issues

In theme/ajonp-hugo-ionic/blog/welcome/index.html:

Insecure img urls:
    http://res.cloudinary.com/ajonp/image/upload/f_auto,fl_lossy,q_auto/v1543499918/ajonp-ajonp-com/welcome/ajonp-ajonp-com-logo-round.png

In theme/alpha-church/posts/image-content/index.html:

Insecure img urls:
    http://via.placeholder.com/600x200
    http://via.placeholder.com/600x300
    http://via.placeholder.com/300x400#float-right
    http://via.placeholder.com/300x400#float-left
    http://via.placeholder.com/300x400

In theme/alpha-church/sermons/institutes-2-11/index.html:

Insecure source urls:
    http://ia801403.us.archive.org/29/items/institutes_christian_religion2_1003_librivox/institutesofchristianreligion2_11_calvin_64kb.mp3

In theme/alpha-church/sermons/table-talk-word-of-god-i/index.html:

Insecure source urls:
    http://www.archive.org/download/table_talk_martin_luther_1801_librivox/tabletalk_05_luther_128kb.mp3

In theme/hugo-myportfolio-theme/pro/the-awesome-company/index.html:

Insecure img urls:
    http://some_url.url

onedrawingperday commented 5 years ago

@digitalcraftsman 5 out of 8 themes that had Mixed Content have resolved the issue.

The change will be reflected the next time that themes are updated on the Hugo website.

Also if you can, please add the Keep tag to this issue, so that it's not auto-closed by the Stale Bot.

In my opinion themes with Mixed Content are unlike themes that no longer have a working demo.

So this is an issue that can be fixed whenever theme authors find the time.

onedrawingperday commented 5 years ago

Also, this theme has Mixed Content:

In theme/hugo-now-ui/components/index.html:

Insecure img urls:
    http://demos.creative-tim.com/now-ui-kit/img/now-logo.png

onedrawingperday commented 5 years ago

More theme demos with Mixed Content warnings:

Jane

10:34:44 PM: Mixed content detected in: /theme/hugo-theme-jane/post/jane-theme-preview/index.html
10:34:44 PM: --> insecure img urls:
10:34:44 PM:   - http://typora.io/img/inline-math.gif

Minos

10:34:59 PM: Mixed content detected in: /theme/hugo-theme-minos/index.html
10:34:59 PM: --> insecure link urls:
10:34:59 PM:   - http://gmpg.org/xfn/11
10:34:59 PM: Mixed content detected in: /theme/hugo-theme-minos/about/index.html
10:34:59 PM: --> insecure link urls:
10:34:59 PM:   - http://gmpg.org/xfn/11
10:34:59 PM: Mixed content detected in: /theme/hugo-theme-minos/categories/index.html
10:34:59 PM: --> insecure link urls:
10:34:59 PM:   - http://gmpg.org/xfn/11
10:35:00 PM: Mixed content detected in: /theme/hugo-theme-minos/categories/development/index.html
10:35:00 PM: --> insecure link urls:
10:35:00 PM:   - http://gmpg.org/xfn/11
10:35:00 PM: Mixed content detected in: /theme/hugo-theme-minos/categories/golang/index.html
10:35:00 PM: --> insecure link urls:
10:35:00 PM:   - http://gmpg.org/xfn/11
10:35:01 PM: Mixed content detected in: /theme/hugo-theme-minos/post/index.html
10:35:01 PM: --> insecure link urls:
10:35:01 PM:   - http://gmpg.org/xfn/11
10:35:01 PM: Mixed content detected in: /theme/hugo-theme-minos/post/creating-a-new-theme/index.html
10:35:01 PM: --> insecure link urls:
10:35:01 PM:   - http://gmpg.org/xfn/11
10:35:01 PM: Mixed content detected in: /theme/hugo-theme-minos/post/goisforlovers/index.html
10:35:01 PM: --> insecure link urls:
10:35:01 PM:   - http://gmpg.org/xfn/11
10:35:01 PM: Mixed content detected in: /theme/hugo-theme-minos/post/hugoisforlovers/index.html
10:35:01 PM: --> insecure link urls:
10:35:01 PM:   - http://gmpg.org/xfn/11
10:35:01 PM: Mixed content detected in: /theme/hugo-theme-minos/post/migrate-from-jekyll/index.html
10:35:01 PM: --> insecure link urls:
10:35:01 PM:   - http://gmpg.org/xfn/11
10:35:02 PM: Mixed content detected in: /theme/hugo-theme-minos/tags/index.html
10:35:02 PM: --> insecure link urls:
10:35:02 PM:   - http://gmpg.org/xfn/11
10:35:02 PM: Mixed content detected in: /theme/hugo-theme-minos/tags/development/index.html
10:35:02 PM: --> insecure link urls:
10:35:02 PM:   - http://gmpg.org/xfn/11
10:35:02 PM: Mixed content detected in: /theme/hugo-theme-minos/tags/go/index.html
10:35:02 PM: --> insecure link urls:
10:35:02 PM:   - http://gmpg.org/xfn/11
10:35:02 PM: Mixed content detected in: /theme/hugo-theme-minos/tags/golang/index.html
10:35:02 PM: --> insecure link urls:
10:35:02 PM:   - http://gmpg.org/xfn/11
10:35:02 PM: Mixed content detected in: /theme/hugo-theme-minos/tags/hugo/index.html
10:35:02 PM: --> insecure link urls:
10:35:02 PM:   - http://gmpg.org/xfn/11
10:35:03 PM: Mixed content detected in: /theme/hugo-theme-minos/tags/templates/index.html
10:35:03 PM: --> insecure link urls:
10:35:03 PM:   - http://gmpg.org/xfn/11
10:35:03 PM: Mixed content detected in: /theme/hugo-theme-minos/tags/themes/index.html
10:35:03 PM: --> insecure link urls:
10:35:03 PM:   - http://gmpg.org/xfn/11

onedrawingperday commented 5 years ago

More demos with insecure content.

In strange-case/index.html:

    Insecure img urls:
        http://i.imgur.com/i7aarpG.png
        http://i.imgur.com/oLjV8LV.png

In theme/github-project-landing-page/index.html:

    Insecure link urls:
        http://fonts.googleapis.com/css?family=Lato:300,400,700,300italic,400italic,700italic

In theme/github-project-landing-page/about/index.html:

    Insecure link urls:
        http://fonts.googleapis.com/css?family=Lato:300,400,700,300italic,400italic,700italic

In theme/github-project-landing-page/categories/development/index.html:

    Insecure link urls:
        http://fonts.googleapis.com/css?family=Lato:300,400,700,300italic,400italic,700italic

In theme/github-project-landing-page/categories/golang/index.html:

    Insecure link urls:
        http://fonts.googleapis.com/css?family=Lato:300,400,700,300italic,400italic,700italic

In theme/github-project-landing-page/post/index.html:

    Insecure link urls:
        http://fonts.googleapis.com/css?family=Lato:300,400,700,300italic,400italic,700italic

In theme/github-project-landing-page/post/creating-a-new-theme/index.html:

    Insecure link urls:
        http://fonts.googleapis.com/css?family=Lato:300,400,700,300italic,400italic,700italic

In theme/github-project-landing-page/post/goisforlovers/index.html:

    Insecure link urls:
        http://fonts.googleapis.com/css?family=Lato:300,400,700,300italic,400italic,700italic

In theme/github-project-landing-page/post/hugoisforlovers/index.html:

    Insecure link urls:
        http://fonts.googleapis.com/css?family=Lato:300,400,700,300italic,400italic,700italic

onedrawingperday commented 5 years ago

Actually the latest deploy log from Netlify shows that there is no more Mixed Content on the Hugo Themes website since #547 was merged.

So I am closing this issue here and the relevant open issues in the various theme repos.
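
The triage this thread does by hand, as an added example that is not part of the original issue or of Hugo's or Netlify's tooling: a small Python parser that collapses the deploy-log output into one row per theme and insecure asset, with the number of pages affected. The function names are hypothetical, and the two log shapes it accepts are assumed from the excerpts quoted in the comments above.

```python
import re
from collections import defaultdict

# Lines copied from the deploy log quoted in the thread, plus one block in the
# shorter "In <page>:" form used in the first comment.
SAMPLE_LOG = """\
10:34:44 PM: Mixed content detected in: /theme/hugo-theme-jane/post/jane-theme-preview/index.html
10:34:44 PM: --> insecure img urls:
10:34:44 PM:   - http://typora.io/img/inline-math.gif
10:34:59 PM: Mixed content detected in: /theme/hugo-theme-minos/index.html
10:34:59 PM: --> insecure link urls:
10:34:59 PM:   - http://gmpg.org/xfn/11
10:34:59 PM: Mixed content detected in: /theme/hugo-theme-minos/about/index.html
10:34:59 PM: --> insecure link urls:
10:34:59 PM:   - http://gmpg.org/xfn/11
In purehugo/index.html:
Insecure img urls:
    http://i.imgur.com/Dsj41Rz.png
"""

TIMESTAMP = re.compile(r"^\d{1,2}:\d{2}:\d{2} [AP]M: ?")
PAGE = re.compile(r"^(?:Mixed content detected in:|In) (\S+?):?$")
KIND = re.compile(r"^(?:--> )?insecure (\w+) urls:$", re.IGNORECASE)
URL = re.compile(r"^(?:- )?(http://\S+)$")

def theme_of(page):
    """First path segment after an optional leading 'theme/'."""
    parts = [p for p in page.split("/") if p]
    return parts[1] if parts[0] == "theme" and len(parts) > 1 else parts[0]

def summarize(log_text):
    """Map (theme, element kind, URL) -> set of pages that reference it."""
    findings = defaultdict(set)
    page = kind = None
    for raw in log_text.splitlines():
        line = TIMESTAMP.sub("", raw).strip()
        if m := PAGE.match(line):
            page, kind = m.group(1), None   # new page: wait for its kind line
        elif m := KIND.match(line):
            kind = m.group(1).lower()
        elif (m := URL.match(line)) and page and kind:
            findings[(theme_of(page), kind, m.group(1))].add(page)
    return findings

def report(findings):
    """One row per distinct asset: (theme, kind, url, number of affected pages)."""
    return sorted((t, k, u, len(pages)) for (t, k, u), pages in findings.items())

if __name__ == "__main__":
    for theme, kind, url, count in report(summarize(SAMPLE_LOG)):
        print(f"{theme}: {kind} {url} on {count} page(s)")
```

Grouping by asset rather than by page shows when a long run of warnings traces back to a single reference in a shared template, which is the one place the theme author needs to change.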