Closed DilumAluthge closed 6 years ago
Thanks. I'll need to take some time to look into how to fix this on GitHub Pages, but I'm certainly open to pull requests in the mean time.
I think the best solution would be to enforce HTTPS (i.e. redirect from HTTP to HTTPS). The steps to enable that on GitHub Pages are found here: https://help.github.com/articles/securing-your-github-pages-site-with-https/#enforcing-https-for-your-github-pages-site
Once HTTPS is enforced, we can change all "http://" links to "https://" links. I have opened a PR (#28) that accomplishes this.
HTTPS enforced on the site, and PR merged and deployed. Thanks so much!
I had to revert that PR. I guess I didn't look over that PR close enough... it broke all the SVGs because it changed their xmlns
to HTTPS. I've reverted it for now, I can come back to this sometime this week but only the repostatus.org URLs can change.
Ah crap. That’s what I get for using sed and not checking the results.
I’ll make another PR.
On Sun, Aug 5, 2018 at 14:35 Jason Antman notifications@github.com wrote:
Reopened #27 https://github.com/jantman/repostatus.org/issues/27.
— You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub https://github.com/jantman/repostatus.org/issues/27#event-1771703289, or mute the thread https://github.com/notifications/unsubscribe-auth/AFXArRIb4hlmSivl2ZgB2MYp6NGJJfTAks5uNzrbgaJpZM4Vpt8m .
--
Dilum Aluthge
dilum@aluthge.com dilum@aluthge.com
@jantman Alright, take a look at #30, which only changes the repostatus.org URLs, the semver.org URLs, and the Google Javascript hosting URLs.
I've merged #30 and it looks good to me. If anyone has problems, please open an issue.
Thanks so much, @DilumAluthge
When accessing https://www.repostatus.org, multiple pieces of content are still served over HTTP.
For example, jQuery is loaded from
http://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js
. Additionally, all of the badge images are loaded fromhttp://www.repostatus.org/badges/latest/[STATUS].svg
.As a result, accessing https://www.repostatus.org results in a mixed-content warning.