filestackapi HTTP content during onboarding tutorial

[chtitux]

During the onboarding tutorial, it seems some filestackapi assets are loaded with a http:// URL. Hence the "Not secure" message in the Chrome address bar :scream: . The website URL was https://welovedevs.com/app/fr/jobs?page=1 (with https://), "Not secure" was displayed because of non-https:// resources.

I was not able to reproduce and I did not know how to trigger the tutorial, so I leave that for you :-)

[chtitux]

In fact, clicking on "J'ai besoin d'aide" triggers the tutorial so the issue is easily reproducible.

The issue seems to comes from the video asset URL being in http:// in the main.js file:

You may test using //process.filestackapi.com/egDg4GhpRPCOcaGPeZqQ as URL, it will use the scheme of the current page (so https:// for production, and http:// for test if you don't have a TLS setup locally).

My tip: order a TLS certificate (on a test domain, not the prod one!) and distribute the TLS key & cert to your developers so they test the website in https:// mode, even in development.

[VincentCtr]

Hello @chtitux,

Thank you for this very detailed bug report ! It was really to find the bug and it will be fixed in the next release (probably this morning !).