Website: Resources not loaded over HTTPS

[mksplg]

Dev Effort

0.5D

Description

When opening the Jpylyzer Website over HTTPS, CSS is blocked by modern browsers to avoid loading it over an unsecure connection. Images included via HTTP are loaded but show a warning in the browser's console.

To avoid this you could:

1. link all resources via their HTTPS links which works when opening the page over HTTP and HTTPS
2. use relative links

[bitsgalore]

Hi Markus, thanks for reporting this. I tried to fix this by changing the BASE_PATH link in _config.yml to https (equivalent to 1 above). In that case the blocked resources are loaded, and all the internal links to other pages on the website use HTTPS. However, this has the unwanted side-effect that any unsecure external resources are blocked, like the video link on this page:

http://openplanets.github.io/jpylyzer/usage.html

From what I understand relative paths are possible in Jekyll, but I think that would require quite a bit of fiddling with the templates. Don't have time to look into that right now, but might investigate later.

[mksplg]

I see. Probably you already saw this, but there seems to be a way to use relative URLs for GitHub pages described in the Jekyll documentation. Not sure if this helps in your case.

[bitsgalore]

OK, works now (the one unsecure resource was a Vimeo link, which I changed to https so that doesn't cause any trouble anymore).

One thing I don't understand: suppose I start from the (secure) homepage:

https://openplanets.github.io/jpylyzer/

If I then click on one of the 'latest news' items I end up here:

https://openplanets.github.io/jpylyzer/2014/02/18/Launch-of-jpylyzer-homepage

Now according to my browser this is a non-secure page (even though the URL start with https).

If I take the URL and add a trailing slash, I do end up on a secure page. See:

https://openplanets.github.io/jpylyzer/2014/02/18/Launch-of-jpylyzer-homepage/

So I really don't understand what's going on here (getting this behaviour in both Firefox and Chrome/Chromium).

[mksplg]

Without the trailing slash, GitHub seems to send back a 301 redirect with the slash added at the end and URL scheme changed to http. Not sure, but I'd say this is an issue with how GitHub configured their servers.

Adding the slash in the links would at least fix the problems on the page and also avoid the unnecessary redirect.

[mksplg]

GitHub's response to my question regarding this was:

GitHub Pages doesn't yet officially support HTTPS, even though it may appear to work. You shouldn't rely on HTTPS until it is officially supported. This is definitely something we are working towards on the github.io domain, however I can't promise when this will be announced.

[bitsgalore]

Thanks Markus for checking back with Github. Today I noticed that a DuckDuckGo search on jpylyzer returned a HTTPS link to the homepage(which was my main reason for having another look at it). At least the site now displays normally when people land there. So I may revisit this once Github officially startts supporting this.

[bitsgalore]

UPDATE: this article describes how to use HTTPS with GitHub Pages + Custom Domains. Could be the way to go for the jpylyzer pages.

[bitsgalore]

Working now after https://github.com/openpreserve/jpylyzer/commit/d9d767fddbfa2e966451582e4dc5caacf4df4ea9!