The HTTP origins cause the following issue in modern browsers when deployed to Heroku:
Mixed Content: The page at 'https://wagtaildemo-springload.herokuapp.com/' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Open+Sans:400italic,700italic,400,700'. This request has been blocked; the content must be served over HTTPS.
Only the Google Fonts and Google Maps URLs are really problematic here, but protocol-relative URLs have long been considered an anti-pattern so I also moved those to HTTPS. The GA snippet included is quite old and was also protocol-relative, so I replaced it with the latest from https://developers.google.com/analytics/devguides/collection/analyticsjs/.
Finally, I noticed that this was using two different Bootstrap CDNs – NetDNA for the CSS, MaxCDN for the JS. The latest Bootstrap docs refere to MaxCDN, so I replaced the NetDNA URL.
gasman
commented
7 years ago
The HTTP origins cause the following issue in modern browsers when deployed to Heroku:
Only the Google Fonts and Google Maps URLs are really problematic here, but protocol-relative URLs have long been considered an anti-pattern so I also moved those to HTTPS. The GA snippet included is quite old and was also protocol-relative, so I replaced it with the latest from https://developers.google.com/analytics/devguides/collection/analyticsjs/.
Finally, I noticed that this was using two different Bootstrap CDNs – NetDNA for the CSS, MaxCDN for the JS. The latest Bootstrap docs refere to MaxCDN, so I replaced the NetDNA URL.