Closed alexfoias closed 3 years ago
The warning will show up if the page delivers anything over an unsecure channel. One quick way to detect what is non-secure is to filter the html source for stuff (links, images) using http
urls. I see a few on the main page:
<link rel="canonical" href="http://www.spinalcordmri.org/">
-> canonical url of page. I think 3ea0ca44feb33e1e5ccb8260186147cb36277e82 should fix this.
<link type="application/atom+xml" rel="alternate" href="http://www.spinalcordmri.org/feed.xml" title="Spinal Cord MRI">
link to rss feed
<a href="http://forum.spinalcordmri.org" target="_blank">Forum</a>
-> link to forum
<img src="http://www.spinalcordmri.org/assets/cover_spinalcordmri_book.jpg" alt="My helpful screenshot" style="float: left; margin-right: 25px">
-> the picture on the main page. I assume 3ea0ca44feb33e1e5ccb8260186147cb36277e82 should fix this as well.
@alexfoias Does https://spinalcordmri.org/ already include your changes?
You can use the web developper tools in your browser (F12), open the html inspector and look for http
urls.
@Drulex The current online version doesn't include my change. I tried to build it locally, but I cannot see the secured pages.
I cannot see the secured pages
Do you mean you can't see the page at all or that the page is still insecure? Basically any http
in the repo needs to be replaced with https
directly or indirectly.
I mean when running: bundle exec jekyll serve
I mean when running:
bundle exec jekyll serve
jekyll serve
will serve over localhost which is not the domain on the certificate (spinalcordmri.org
), therefore it cannot verify your changes with that.
You could add an entry to your hosts
file such as: 127.0.0.1:4000 spinalcordmri.org
to fool the browser into making the SSL connection (although I'm not 100% sure all cases would be covered, it's better to test with the real web server)
But like I said, all non-https URLS in the codebase would need to be changed first to be https
.
If you want you can assign this to me.
@Drulex Yes, you can do the changes.
@jcohenadad Is it okay if @Drulex fixes the non-https URLS in the codebase ?
Implemented some solutions from here: https://blog.webjeda.com/jekyll-ssl/ I also enforced ssl from GH settings, but we are using a custom domain.
Just took a look at link above and since we are using a custom domain I don't think github pages can serve the SSL. We can give it a try by merging this.
@jcohenadad @Drulex Should we give it a try and merge ?
@jcohenadad Could you please approve this PR to give it a try ? thanks
Fixes #68.
The problem seems to come from the image on the home page Implemented some solutions from here: https://blog.webjeda.com/jekyll-ssl/ I also enforced ssl from GH settings, but we are using a custom domain. When tested in local I cannot see the page secured (maybe because of custom main). Maybe we can push the changes to master and than check if they do the job.
Maybe @Drulex has better suggestions.