I use python manage.py runserver $IP:$PORT, then start this page. As you can see, clound9 uses https, which causes a problem - some css or js files can't be load from other sites via http.
the browser console shows:
Mixed Content: The page at 'https://py3-pronan.c9users.io/' was loaded over HTTPS, but requested an insecure stylesheet 'http://fortawesome.github.io/Font-Awesome/assets/font-awesome/css/font-awesome.min.css'. This request has been blocked; the content must be served over HTTPS.
This site is nothing special, I'm totally ok with http, so is there a way to configure cloud9 ide to use http?
Cloud9 routes both HTTPS and HTTP traffic to your server listening on 0.0.0.0:8080.
Therefore, all you need to use HTTP is to use http://... instead of https://... in your browser :)
Related
I've got a site where I recently started using SSL and now in console I'm getting a couple of errors;
Mixed Content: The page at 'https://www.XXXXX.com/' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Droid+Serif'. This request has been blocked; the content must be served over HTTPS.
I've read that I could specify the stylesheet as: //fonts.googleapis.com/css?family=Droid+Serif and omit the http:// or https:// and let the browser determine which scheme/protocol to use, but I'm surprised I've not seen this before and wondering if this is good practice?
For example, in my Wordpress theme development where I am frequently using wp_enqueue_style should I now use this format by default, assuming where you're calling from is able to serve both?
I'm considering just redirecting all traffic to the https version of the site, but still interested to know if this URL scheme is good practice or not?
I have a site where the client recently added an SSL certificate, since he has done this it has broke some stuff on the site, noticeably a slider on the homepage of the site.
The only thing I can see in the console is a 'Mixed Content: The page at'https://example.com' was loaded over HTTPS, but requested and insecure script 'http://ajax.googleapis.com...' This request has been blocked; the content must be served over HTTPS.
I have no idea what this means - other than the obvious that I need to get these called over HTTPS.
I have never come across this before. I tried doing a force rewrite in .htaccess which didnt work and I cant seem to understand any stuff online.
Help please!
Thanks
I have to change a domain from http to https. The running map application uses Openlayers 2.11. OL loads tile layers (Bing, Google, …) which using scripts served over http thus this site gets blocked (mixed content) in Chrome + Firefox.
For Example
Mixed Content: The page at 'https://viewer.example.com/' was
loaded over HTTPS, but requested an insecure image
'http://ecn.t2.tiles.virtualearth.net/tiles/a1202033.jpeg?g=3112'.
This content should also be served over HTTPS.
I cannot upgrade Openlayers!
What chance do I have? Is there a https Version of OL 2.11 or something like "forceSSL = true"?
Cheers,
motorama
I have a site with HTTPS configured.
My client wants me to embed a youku video. At first the browser blocked the iframe since it had HTTP protocol on it.
I changed it to HTTPS and now youku does not work. It seems youku does not support HTTPS.
is there any way around this?
Perhaps there is a service other than youku that does support HTTPS and is still suitable for that region?
hi,we had supported(sorry for later)
for example:
1
<iframe height=498 width=510 src='https://player.youku.com/embed/XMTg3Nzg4MzY4NA==' frameborder=0 'allowfullscreen'></iframe>
2
https://player.youku.com/player.php/sid/XMTg3Nzg4MzY4NA==/v.swf
3:
<embed src='https://player.youku.com/player.php/sid/XMTg3Nzg4MzY4NA==/v.swf allowFullScreen='true' quality='high' width='480' height='400' align='middle' allowScriptAccess='always' type='application/x-shockwave-flash'></embed>
Youku player serves some resources (like preview images or alternative sources for video) under http, not https - and this might be the main culprit of "partially insecure content" issue in browsers. This problem is caused by Youku player itself, it's quite possible to change the code loaded from their servers.
However, the problem can be solved in most simple and convenient way by rewriting insecure http requests on given page with secure https requests - it possible to achieve this by including CSP meta tag in page header:
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
The "Content-Security-Policy" response header allows to control resources the user agent is allowed to load on given page (more information here).
What "upgrade-insecure-requests" directive does: "Instructs user agents to treat all of a site's insecure URLs (those served over HTTP) as though they have been replaced with secure URLs (those served over HTTPS). This directive is intended for web sites with large numbers of insecure legacy URLs that need to be rewritten."
The original solution was found in this post.
When we access our home page with https url site broken up. I think because the css, js load from http & it not secure.
But what should i do to run my site in both http & https.
Why this happen ? why this not solved in default magento?
for example https://demo.magentocommerce.com/
Any help appreciated
You need to set https for unsecure base url also in order to get the css load for https. I know you want to load site in both cases i.e. http and https, but using both URLs will cause your website's SEO to decrease.
Reason for this is:
http and https will be indexed in search engine as two different URLs.
Decision is up to you, whether you want to use http or https.