jacobwb / hashover-next

This branch will be HashOver 2.0
GNU Affero General Public License v3.0

comments.css and HTTPS #269

Open gnh1201 opened 5 years ago

gnh1201 commented 5 years ago

HTTPS is not applied when loading comments.css, so I had to use a separate HTTPS calibration script (https://github.com/gnh1201/alwayshttps/blob/master/alwayshttps.js). How to fix it in HashOver?

Error log (in Chrome):

Mixed Content: The page at 'https://mywebsite.local/foo/bar/123' was loaded over HTTPS, but requested an insecure stylesheet 'http://hashover.local/hashover/themes/default/comments.css'. This request has been blocked; the content must be served over HTTPS.

jacobwb commented 5 years ago

By default, HashOver adds the CSS file using a relative path, so it should use HTTPS if the page is HTTPS. The exception is if HashOver is used remotely, which might be the case here.

I have fixed an issue in detecting HTTPS in remote contexts. This might fix the issue for you.

Please give it a try and let me know.

gnh1201 commented 5 years ago

It does not work. The same error.

jacobwb commented 5 years ago

Can you create a file with the following code, run it on your server, and post the results?

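<?php

// Send plain text so the dump is readable in a browser
header ('Content-Type: text/plain');

$info = array ();

// $_SERVER keys that can indicate an HTTPS request
$headers = array (
    'HTTPS',
    'HTTP_X_FORWARDED_SSL',
    'HTTP_FRONT_END_HTTPS',
    'HTTP_X_FORWARDED_PROTO',
    'HTTP_X_FORWARDED_PROTOCOL',
    'SERVER_PORT'
);

// Collect only the keys that are set and non-empty
foreach ($headers as $key) {
    if (!empty ($_SERVER[$key])) {
        $info[$key] = $_SERVER[$key];
    }
}

var_dump ($info);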

I think HTTPS might be 1 on your setup, or you're using a port number other than 443 for SSL.

I'm currently looking into how different servers handle HTTPS setup so that I can further generalize the code to support more systems and server software.

coffeverton commented 2 years ago

I had this problem, fixed it by adding the variable HTTPS with value 'on'.

I'm using nginx with ISPConfig. Looks like nginx does not have this "HTTPS" variable.

I just added fastcgi_param HTTPS 'on'; inside the location @php{ block in the site config area in ISPConfig.
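
As an added example (not HashOver's code and not written by anyone in this thread), here is one way a PHP script can decide whether a request arrived over HTTPS from the same `$_SERVER` keys the diagnostic script above dumps. The function name `request_is_https` and the `$trustedProxies` list are assumptions; the forwarded-scheme keys are honoured only when the connecting peer is one of those proxies, because they are ordinary request headers that any client can send.

```php
<?php
// Added example. $trustedProxies is an assumed deployment setting: the
// addresses of reverse proxies that terminate TLS in front of PHP.
function request_is_https (array $server, array $trustedProxies = array ())
{
    // Set by the web server, not the client. Apache mod_ssl sets 'on';
    // nginx passes it only when a fastcgi_param line says so; IIS (ISAPI)
    // sets 'off' for plain HTTP, so 'off' must not count as true.
    if (!empty ($server['HTTPS']) && strtolower ($server['HTTPS']) !== 'off') {
        return true;
    }

    // Forwarded-scheme values are request headers: trust them only when
    // the connecting peer is a known proxy.
    $peer = isset ($server['REMOTE_ADDR']) ? $server['REMOTE_ADDR'] : '';

    if (in_array ($peer, $trustedProxies, true)) {
        $expected = array (
            'HTTP_X_FORWARDED_SSL'      => 'on',
            'HTTP_FRONT_END_HTTPS'      => 'on',
            'HTTP_X_FORWARDED_PROTO'    => 'https',
            'HTTP_X_FORWARDED_PROTOCOL' => 'https'
        );

        foreach ($expected as $key => $value) {
            if (isset ($server[$key]) && strtolower ($server[$key]) === $value) {
                return true;
            }
        }
    }

    // Last resort: the conventional TLS port. TLS on any other port is
    // missed here, which is why setting HTTPS explicitly is more reliable.
    return isset ($server['SERVER_PORT']) && (int) $server['SERVER_PORT'] === 443;
}

// Constructed sample inputs, not taken from a real server
$cases = array (
    'HTTPS=on set via fastcgi_param'     => array ('HTTPS' => 'on', 'SERVER_PORT' => '8443'),
    'HTTPS=1'                            => array ('HTTPS' => '1', 'SERVER_PORT' => '443'),
    'TLS on port 8443, HTTPS unset'      => array ('SERVER_PORT' => '8443'),
    'trusted proxy forwards https'       => array ('REMOTE_ADDR' => '127.0.0.1', 'HTTP_X_FORWARDED_PROTO' => 'https', 'SERVER_PORT' => '80'),
    'untrusted client sends same header' => array ('REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_PROTO' => 'https', 'SERVER_PORT' => '80')
);

foreach ($cases as $label => $server) {
    printf ("%-36s %s\n", $label, var_export (request_is_https ($server, array ('127.0.0.1')), true));
}
```

The third case is the situation described in this thread: with `HTTPS` unset and a non-standard port, no script-side check can recover the scheme, so the server configuration has to supply it.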