search

sympy / planet-sympy

The planet SymPy sources
https://planet.sympy.org/
13 stars 49 forks source link

Fix loading the site over https #76

Closed asmeurer closed 6 years ago

asmeurer commented 6 years ago

This should fix mixed content warnings when loading the page over https.

I don't know how to test this, other than by merging it. CC @certik

This is the full console log when loading https://planet.sympy.org:



(index):1 Mixed Content: The page at 'https://planet.sympy.org/' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Oxygen:400,700,300'. This request has been blocked; the content must be served over HTTPS.
(index):24 Uncaught ReferenceError: applyConfig is not defined
    at (index):24
syndication.twitter.…pression%22%7D%7D:1 Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
(index):51 Uncaught ReferenceError: applyConfig is not defined
    at onload ((index):51)
jot:1 Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
(index):1 Mixed Content: The page at 'https://planet.sympy.org/' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Oxygen:400,700,300'. This request has been blocked; the content must be served over HTTPS.
asmeurer commented 6 years ago

OK, I didn't notice there is a testing site at https://github.com/planet-sympy/planet.sympy.org-test. I pushed the branch up to origin. It should push it there.

asmeurer commented 6 years ago

At least on the test site there are also warnings like 

Mixed Content: The page at 'https://planet-sympy.github.io/planet.sympy.org-test/' was loaded over HTTPS, but requested an insecure image 'http://latex.codecogs.com/svg.latex?\dpi{300}&space;\large&space;2^n'. This content should also be served over HTTPS.

In other words, one of the posts has a http:// link to an image. But I think it's just a warning (the image still loads). At least that's the behavior in Chrome.

asmeurer commented 6 years ago

Ignore the twitter thing in the log. That's just my adblocker.

certik commented 6 years ago

I think my firefox blocks it. But that's not our problem I think. People should use https, if they don't, their stuff might not load.

asmeurer commented 6 years ago

OK, it works now. After disabling my adblocker, https://planet.sympy.org/ loads just fine, and these are the only warnings in the console:

VM133:24 Uncaught ReferenceError: applyConfig is not defined
    at VM133:24
(anonymous) @ VM133:24
(index):51 Uncaught ReferenceError: applyConfig is not defined
    at onload ((index):51)

which I think are unrelated (I get them with http:// as well).

I'm going to enable forced https for planet.sympy.org.

asmeurer commented 6 years ago

I was trying to find the blocked image (I think it was part of an older post on the test site). When I click the "old entries" button at the bottom, I just get an empty page. I don't know if that is a recent breakage.