ox-it / talks-oxford-talks-ruby

Oxford Talks Ruby

Images loading with wrong protocol #9

Open envycontent opened 10 years ago

envycontent commented 10 years ago

Images are loading with the wrong protocol over https (e.g. in _header.html.erb [link below]). Looking at the documentation, I couldn't understand why the images are loading with a full URL - image_tag etc should just provide an absolute path from the root of the site.

I think I've tracked this down to here (though I'm not 100% sure - there's also a hack in application_helper.rb [see link below] which turns this off for javascript and css) -

https://github.com/ox-it/talks-oxford-talks-ruby/commit/316ad205c49330f5db1d221b571054832d09a084

these tweaks were made in order to load images properly when templates are embedded remotely. The problem we have is that there is no difference between templates used for the talks.ox website and templates that are intended for embedding (see the documentation at http://talks.ox.ac.uk/document/Embed%20a%20Feed).

Any ideas on how I can tackle this would be very welcome!

https://github.com/ox-it/talks-oxford-talks-ruby/blob/master/app/helpers/application_helper.rb

https://github.com/ox-it/talks-oxford-talks-ruby/blob/master/app/views/shared/_header.html.erb

ghost commented 10 years ago

Is this specifically the changes to config.action_controller.asset_host?

It looks like the asset helpers will take this into account:

http://api.rubyonrails.org/classes/ActionView/Helpers/AssetUrlHelper.html

camallen commented 10 years ago

Hi @envycontent,

Can you provide a URL of the issue? I assume you mean that you are requesting a https page and you are requesting http://image_url (or vice versa).

Cam

envycontent commented 10 years ago

http://talks.ox.ac.uk/dates/2014/1/20

but any page loads a few images. Here's the original ticket:

When I login to oxtalks I don't get a full padlock in the browser because all the images in the page are getting loaded over http rather than https. These are the items mentioned in the Chrome console:

   The page at 'https://talks.ox.ac.uk/' was loaded over HTTPS, but displayed insecure content from 'http://talks.ox.ac.uk/images/search.gif?1384784536': this content should also be loaded over HTTPS. talks.ox.ac.uk/:1
   The page at 'https://talks.ox.ac.uk/' was loaded over HTTPS, but displayed insecure content from 'http://talks.ox.ac.uk/images/az.gif?1384784536': this content should also be loaded over HTTPS. talks.ox.ac.uk/:1
   The page at 'https://talks.ox.ac.uk/' was loaded over HTTPS, but displayed insecure content from 'http://talks.ox.ac.uk/images/contact.gif?1384784536': this content should also be loaded over HTTPS. talks.ox.ac.uk/:1
   The page at 'https://talks.ox.ac.uk/' was loaded over HTTPS, but displayed insecure content from 'http://talks.ox.ac.uk/images/OxfordTalksLogo.png?1384784536': this content should also be loaded over HTTPS. talks.ox.ac.uk/:1
   The page at 'https://talks.ox.ac.uk/' was loaded over HTTPS, but displayed insecure content from 'http://talks.ox.ac.uk/images/identifier2-ox.gif?1384784536': this content should also be loaded over HTTPS. talks.ox.ac.uk/:1
   4 The page at 'https://talks.ox.ac.uk/' was loaded over HTTPS, but displayed insecure content from 'http://talks.ox.ac.uk/images/redarrow.gif?1384784536': this content should also be loaded over HTTPS. talks.ox.ac.uk/:1
   The page at 'https://talks.ox.ac.uk/' was loaded over HTTPS, but displayed insecure content from 'http://talks.ox.ac.uk/images/search.gif?1384784536': this content should also be loaded over HTTPS. talks.ox.ac.uk/:28
   The page at 'https://talks.ox.ac.uk/' was loaded over HTTPS, but displayed insecure content from 'http://talks.ox.ac.uk/images/az.gif?1384784536': this content should also be loaded over HTTPS. talks.ox.ac.uk/:28
   The page at 'https://talks.ox.ac.uk/' was loaded over HTTPS, but displayed insecure content from 'http://talks.ox.ac.uk/images/contact.gif?1384784536': this content should also be loaded over HTTPS. talks.ox.ac.uk/:28
   The page at 'https://talks.ox.ac.uk/' was loaded over HTTPS, but displayed insecure content from 'http://talks.ox.ac.uk/images/OxfordTalksLogo.png?1384784536': this content should also be loaded over HTTPS. talks.ox.ac.uk/:33
   The page at 'https://talks.ox.ac.uk/' was loaded over HTTPS, but displayed insecure content from 'http://talks.ox.ac.uk/images/identifier2-ox.gif?1384784536': this content should also be loaded over HTTPS. talks.ox.ac.uk/:35
   The page at 'https://talks.ox.ac.uk/' was loaded over HTTPS, but displayed insecure content from 'http://talks.ox.ac.uk/images/redarrow.gif?1384784536': this content should also be loaded over HTTPS. (index):85
   The page at 'https://talks.ox.ac.uk/' was loaded over HTTPS, but displayed insecure content from 'http://talks.ox.ac.uk/images/redarrow.gif?1384784536': this content should also be loaded over HTTPS. (index):86
   The page at 'https://talks.ox.ac.uk/' was loaded over HTTPS, but displayed insecure content from 'http://talks.ox.ac.uk/images/redarrow.gif?1384784536': this content should also be loaded over HTTPS. (index):87
   The page at 'https://talks.ox.ac.uk/' was loaded over HTTPS, but displayed insecure content from 'http://talks.ox.ac.uk/images/redarrow.gif?1384784536': this content should also be loaded over HTTPS. (index):88
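
The console messages above share one fixed format, so they can be reduced to the distinct resources that need fixing. The following Ruby is an added example, not part of the original thread or the project's code; `summarise_mixed_content` and `SAMPLE_LOG` are names chosen here, and the sample reuses three of the messages quoted above.

```ruby
require "uri"

# Chrome's mixed-content warning, in the wording quoted in the thread.
MIXED_RE = /The page at '([^']+)' was loaded over HTTPS, but displayed insecure content from '([^']+)'/

# Sample input: three messages reused from the thread. The last two are run
# together on one line, the way pasted console output often arrives.
SAMPLE_LOG = <<~LOG
  The page at 'https://talks.ox.ac.uk/' was loaded over HTTPS, but displayed insecure content from 'http://talks.ox.ac.uk/images/search.gif?1384784536': this content should also be loaded over HTTPS. talks.ox.ac.uk/:1
  The page at 'https://talks.ox.ac.uk/' was loaded over HTTPS, but displayed insecure content from 'http://talks.ox.ac.uk/images/redarrow.gif?1384784536': this content should also be loaded over HTTPS. (index):85 The page at 'https://talks.ox.ac.uk/' was loaded over HTTPS, but displayed insecure content from 'http://talks.ox.ac.uk/images/redarrow.gif?1384784536': this content should also be loaded over HTTPS. (index):86
LOG

# Returns one entry per distinct insecure resource, most frequent first.
# Scanning the whole text (not line by line) copes with run-together messages.
def summarise_mixed_content(log)
  counts = Hash.new(0)
  log.scan(MIXED_RE) do |page, resource|
    page_uri = URI.parse(page)
    res_uri  = URI.parse(resource)
    res_uri.query = nil # drop the asset timestamp (?1384784536) so repeats group
    same_host = res_uri.host == page_uri.host
    counts[[res_uri.to_s, same_host]] += 1
  end
  counts.map { |(url, same_host), n| { url: url, same_host: same_host, count: n } }
        .sort_by { |h| [-h[:count], h[:url]] }
end

summarise_mixed_content(SAMPLE_LOG).each do |h|
  # Same-host hits point at the application's own URL generation.
  origin = h[:same_host] ? "same host: fix URL generation in the app" : "other host: needs an https source"
  puts format("%-45s x%d  (%s)", h[:url], h[:count], origin)
end
```

Every resource in the thread's output is on the same host as the page, which is why the discussion that follows concentrates on how the application builds its own asset URLs.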

camallen commented 10 years ago

@envycontent Got it!

If it is the #url_for_view method and assuming you are using Rails 1.2.5

I suggest checking the protocol before assuming http, i.e.:

   list_url(options_hash(custom_view, { :only_path => false, :id => custom_view.list_id, :protocol => "http" }.merge(extra_options)))

could become

   # https://github.com/rails/rails/blob/v1.2.5/actionpack/lib/action_controller/request.rb#L157
   list_url(options_hash(custom_view, { :only_path => false, :id => custom_view.list_id, :protocol => request.protocol }.merge(extra_options)))

Have you got a test server you can try it on?

envycontent commented 10 years ago

@camallen Magic - thanks I'll investigate further. Yes, we've got a test server but need to ask sys admin to deploy so it could take a few hours ....

envycontent commented 10 years ago

Hum, now, after looking a bit, I'm not sure that that's where the problem lies (see below). I'm tempted to chalk this up to 'yet another reason for a re-write' and leave it at that.

Here are the main offenders (app.helpers.application_helper):

   def arrow(alttext = 'details')
     return image_tag InstallationHelper.CURRENT_INSTALLATION.arrowURL, :alt => alttext
   end

   def favicon_tag
     tag("link", "rel" => "shortcut icon", "href" => image_path(InstallationHelper.CURRENT_INSTALLATION.favIconURL))
   end

One uses the inbuilt image_tag and the other the inbuilt image_path. As far as I can see these should be picking up on the changes to config.action_controller.asset_host, which should be detecting the correct protocol:

config.environment

  # This is necessary to make the images in embedded feeds work
  config.action_controller.asset_host = Proc.new { |source, request|
    "#{request.protocol}#{request.host_with_port}"
  }

camallen commented 10 years ago

@envycontent, have you got this running on a dev machine we could hack on?

It may well be that the code is overriding the normal Rails asset tags in some places but not others, hence the mismatch. The easiest way is to figure out which line is creating the image tag and then figure out how the protocol is being assigned, i.e. run a debug with breakpoints to figure it out.
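
Finding which line creates the offending image tag can start from the rendered output rather than the debugger. The following Ruby is an added example, not part of the thread or the project's code: it reports the line number of every subresource tag that uses an absolute `http://` URL on an https page. `insecure_subresources` and `SAMPLE_HTML` are names chosen here, and the sample markup is constructed (the favicon path is hypothetical).

```ruby
# Tags whose URL attribute is fetched as part of the page. <a href> is left
# out on purpose: a link is navigation, not mixed content.
SUBRESOURCE_ATTRS = {
  "img" => "src", "script" => "src", "iframe" => "src", "link" => "href"
}.freeze
TAG_RE = /(<(img|script|iframe|link)\b[^>]*>)/i

# Constructed sample of rendered output, modelled on the images named above.
SAMPLE_HTML = <<~HTML
  <head>
    <link rel="shortcut icon" href="/images/favicon.ico" />
  </head>
  <body>
    <a href="http://talks.ox.ac.uk/dates/2014/1/20">Today</a>
    <img alt="logo" src="http://talks.ox.ac.uk/images/OxfordTalksLogo.png?1384784536" />
    <img alt="a-z" src="//talks.ox.ac.uk/images/az.gif" />
    <img alt="details" src="http://talks.ox.ac.uk/images/redarrow.gif?1384784536" />
  </body>
HTML

# Returns [{line:, tag:, url:}] for each subresource that would load over
# http on an https page. Relative and protocol-relative URLs inherit the
# page's scheme and are not reported. Limitation: a tag split across several
# lines is not matched.
def insecure_subresources(html, page_url)
  return [] unless page_url.start_with?("https://")

  findings = []
  html.each_line.with_index(1) do |line, lineno|
    line.scan(TAG_RE) do |tag, name|
      attr = SUBRESOURCE_ATTRS[name.downcase]
      # The lookbehind keeps data-src and similar attributes from matching.
      url = tag[/(?<![\w-])#{attr}\s*=\s*["']([^"']+)["']/i, 1]
      next unless url && url.match?(%r{\Ahttp://}i)
      findings << { line: lineno, tag: name.downcase, url: url }
    end
  end
  findings
end

insecure_subresources(SAMPLE_HTML, "https://talks.ox.ac.uk/").each do |f|
  puts "line #{f[:line]}: <#{f[:tag]}> #{f[:url]}"
end
```

Run against a saved copy of a page from the test server, the reported line numbers narrow the search to the templates and helpers that emitted those tags.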