search

jquery / jqueryui.com

jQuery UI web site content
https://jqueryui.com
Other
132 stars 113 forks source link

Mixed content errors when loading with HTTPS #124

Closed jzaefferer closed 8 years ago

jzaefferer commented 8 years ago

To reproduce, go to https://jqueryui.com/download/ and observe lots of warnings on the Console. Current Chrome refuses to load "insecure" scripts, so while the download still works, all the interactive features (dependencies, theme selection) are broken.

kborchers commented 8 years ago

Though it only works on a couple of browsers now and won't work on legacy browsers which will require manually fixing these links anyway, we should consider adding <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> to each site or maybe we could add the Content-Security-Policy: upgrade-insecure-requests header at the server to at least help modern browsers as these are all tracked down?

http://www.w3.org/TR/upgrade-insecure-requests/ http://caniuse.com/#feat=upgradeinsecurerequests

jzaefferer commented 8 years ago

See also #118.

jzaefferer commented 8 years ago

DB itself can't currently be accessed through HTTPS, so this isn't quite done yet. Once that is fixed on the infrastructure side, this needs more testing.

scottgonzalez commented 8 years ago

I'm not seeing any errors now. I believe this is fully fixed via combination of download builder now supporting HTTPS and 130c987a8f3d4095e7ab257632cc619a5bcf40c6.