garrettcolas
commented
8 years ago Something like this could help: http://stackoverflow.com/questions/4503135/php-get-site-url-protocol-http-vs-https
Open michidk opened 8 years ago
garrettcolas
commented
8 years ago Something like this could help: http://stackoverflow.com/questions/4503135/php-get-site-url-protocol-http-vs-https
dafrancis
commented
8 years ago You don't even need that. Using PHP to determine whether the installation is using SSL and changing the JS/CSS links accordingly would be overcomplicating the issue.
There used to be a neat hack to allow a protocol-relative url source when importing a javascript file. So rather than:
<script src="http://cdn.somecdnsite.com/javascript/libs/javascript-library.min.js></script>you'd do:
<script src="//cdn.somecdnsite.com/javascript/libs/javascript-library.min.js></script>More info on protocol-relative urls can be read on this blogpost by Paul Irish.
However, if you read that post, it notes that doing protocol-relative urls are discouraged if the resource is available over HTTPS anyway.
So with this I suggest that any external javascript/css from a cdn should be changed to use the resource over HTTPS (i.e. do a search and replace of all "http://cdnjs" and replace with "https://cdnjs".
TheSeg
commented
8 years ago Agreed to @dafrancis comments, but specifically with declaring HTTPS in all instances. Not the protocol-relative approach.
garrettcolas
commented
8 years ago Oh, that's much easier, I completely agree as well.
Currently presskit doesn't support ssl (using https://). When i connect to my presskit installation using ssl, i get multiple mixed content errors.
e.g.:
Mixed Content: The page at 'https://press.mydomain.com/sheet.php?p=template' was loaded over HTTPS, but requested an insecure script 'http://cdnjs.cloudflare.com/ajax/libs/masonry/3.1.2/masonry.pkgd.min.js'. This request has been blocked; the content must be served over HTTPS.