search

oasp / oasp.github.io

Contains the content of the OASP web page available at https://oasp.github.io/
Apache License 2.0
4 stars 7 forks source link

mixed content errors #10

Open markschuh opened 7 years ago

markschuh commented 7 years ago

Fix mixed content errors caused by http URL stylesheet reference in index.html:22 and :23

Chrome 54 for example outputs on console:

Mixed Content: The page at 'https://oasp.github.io/' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Montserrat'. This request has been blocked; the content must be served over HTTPS.

Since the font CSS URLs are also available via https either use a fixed https URL - or in case https references on http://oasp.github.io shall be avoided, use the URL in href without the protocol prefix at all.

https://developers.google.com/web/fundamentals/security/prevent-mixed-content/fixing-mixed-content

sjimenez77 commented 6 years ago

Hi @markschuh, in the current build the assets are served via https. Please, check it. Thanks!