Welcome, Guest
Username: Password: Remember me

TOPIC: Use https for external scripts and stylesheets?

Use https for external scripts and stylesheets? 5 months 2 weeks ago #253


  • Posts:5
  • Marco's Avatar
  • Marco
  • New Member
  • OFFLINE
Dear Christoph, all,

I tried to switch my site from http to https (secure http), because google/chrome does not like plain http, in particular when you have a login form on you page (standard with joomla). However, when I do that, I get warnings that scripts and .css files are loaded via standard non-secure http. Would it be possible to switch all that to https? I have made a pull request in git: github.com/ChristopheSeg/J-TrackGallery/pull/34

A similar change would be needed for the jtrackgallery plugin. Is this code also available on git?

Best regards,

Marco.
The administrator has disabled public write access.

Use https for external scripts and stylesheets? 1 month 3 days ago #367


  • Posts:121 Thank you received: 11
  • Christophe's Avatar
  • Christophe
  • Administrator
  • OFFLINE
First of all , sorry for being so long responding.
I will investigate you commit soon. I think there is some trouble with some link such as dev.openlayers.org/theme/default/style.css. When using Firefox, the page is not loaded because only dev.openlayers.org/theme/default/style.css exists (no secured external website).

In fact, if your site use https, every included code should also use https (the reason for warnings that scripts and .css files are loaded via standard non-secure http)

However, when using Opera browser, if your site uses https, browsing dev.openlayers.org/theme/default/style.css generate a warning "invalid certificate" but user is invited to continue "at its own risk". Did you experience this issue after switching most http to https?

I must investigate to find the best solution.
1- all existing https link (google and some others) should be used in the code
2- for links without existing https page (dev.openlayers.org/theme/default/style.css ... )
2-a: keep http if your website use http
2-b: replace by https but this will issue a warning in most browsers for non existing page.
2-b: OR insert the whole code (css, js ) in J!TrackGallery component
Christophe
J!TrackGallery developper
The administrator has disabled public write access.

Use https for external scripts and stylesheets? 1 month 2 days ago #368


  • Posts:5
  • Marco's Avatar
  • Marco
  • New Member
  • OFFLINE
Hi Christoph,

I agree with the questions that you raise. It's a while ago that I played with this, but f I remember correctly, the problem with the certificates on dev.openlayer.org prompted me to download and include a few files in the jtrackgallery repository. Some of the openlayer code/style files were already in jtrackgallery I think, maybe because you had made some changes to them? The number of files that I had to include was limited, I think.

If you want to test a bit, my version of the code is running on gta-trek.eu/
However, I did not test what happens when you access the site over non-secure http...

Marco.
The administrator has disabled public write access.

Use https for external scripts and stylesheets? 1 month 2 days ago #369


  • Posts:121 Thank you received: 11
  • Christophe's Avatar
  • Christophe
  • Administrator
  • OFFLINE
Thanks for these information.

About your website, it's freezing when zooming. This is caused by Bing improper API Key. See my next post on this forum.
Christophe
J!TrackGallery developper
The administrator has disabled public write access.
Time to create page: 0.167 seconds