SSL

[nikolai-b]

@usr110 the http://basemaps.cartocdn.com/light_all/ doesn't have an SSL version.

Looking at free SSL options http://codepen.io/epidemiks/details/vKZQOz

Do you like POSITRON?

I guess this isn't possible for all the shiny base maps (i.e. IMD) but hilliness looks ok as in https://server.arcgisonline.com/ArcGIS/rest/services/World_Shaded_Relief/MapServer/tile/10/338/508 works fine.

To move to SSL we also need to make sure all the images and assets are https (so things like http://maxcdn.bootstrapcdn.com/ -> https://maxcdn.bootstrapcdn.com/)

[usr110]

Thanks for looking into it @nikolai-b I don't mind any base-map for leaflet, as long as it has SSL. In terms of embed code, I was wondering whether it'd be easier to host just the la-map somewhere with SSL? We can temporarily move assets being used in the map somewhere and then generate the embed code for it. I don't think we need to use SSL for the whole application. What do you think?

[nikolai-b]

I think it is much better trying to get the whole site secure.

@Robinlovelace any idea if Oliver O’Brien would be able to allow the IMD tiles to be served over https?

[mvl22]

If you're running Apache or similar, it's pretty easy to set up an HTTP->HTTPS proxy, e.g.

ProxyPass / http://www.tiles.example.com/
ProxyPassReverse / http://www.tiles.example.com/

You can also achieve a similar thing fairly easily in code:

https://www.github.com/cyclestreets/tilecache/

[Robinlovelace]

@nikolai-b not sure. @oobrien may know. Any ideas Oliver? Many thanks for your awesome tileset btw, they've greatly improved the PCT so it's clear how sustainable transport policies interact with deprivation.

[oobrien]

@Robinlovelace @nikolai-b Yes, we have the tiles on https, as we needed them for CDRC Maps which is now pure https. e.g. https://maps.cdrc.ac.uk/#/geodemographics/imde2015/

It's a separate set but they should look the same. The tiles are at https://maps.cdrc.ac.uk/tiles/imd2015_eng/{z}/{x}/{y}.png

[Robinlovelace]

Many thanks for the swift reply Oliver.

[oobrien]

Just to add there is CORS on there, with an Access-Control-Allow-Origin header and an allowed domains list. I can add in the domains you need to use, if you let me know them.

[Robinlovelace]

Please add these (sound good?):

pct.bike
npct0.vs.mythic-beasts.com

@nikolai-b may have further comments.

[usr110]

I think it is much better trying to get the whole site secure.

Agreed

Thanks @oobrien Can you tell us what are the tiles for building and labels in HTTPS? (as mentioned here: https://github.com/npct/pct-shiny/issues/87#issue-112841720)

[usr110]

Great job, Nikolai 👍

[oobrien]

@usr110 If you just substitute http://tiles.oobrien.com for https://maps.cdrc.ac.uk/tiles/ then that should work.

[oobrien]

@Robinlovelace Have added those to the CORS accept list.

[usr110]

Thanks @oobrien, @nikolai-b took care of it.