Closed jzaefferer closed 8 years ago
Though it only works on a couple of browsers now and won't work on legacy browsers which will require manually fixing these links anyway, we should consider adding <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
to each site or maybe we could add the Content-Security-Policy: upgrade-insecure-requests
header at the server to at least help modern browsers as these are all tracked down?
http://www.w3.org/TR/upgrade-insecure-requests/ http://caniuse.com/#feat=upgradeinsecurerequests
See also #118.
DB itself can't currently be accessed through HTTPS, so this isn't quite done yet. Once that is fixed on the infrastructure side, this needs more testing.
I'm not seeing any errors now. I believe this is fully fixed via combination of download builder now supporting HTTPS and 130c987a8f3d4095e7ab257632cc619a5bcf40c6.
To reproduce, go to https://jqueryui.com/download/ and observe lots of warnings on the Console. Current Chrome refuses to load "insecure" scripts, so while the download still works, all the interactive features (dependencies, theme selection) are broken.