Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Secured connection (https) is gone when using a permalink #4

Open
lucaju opened this issue Apr 13, 2020 · 9 comments
Open

Secured connection (https) is gone when using a permalink #4

lucaju opened this issue Apr 13, 2020 · 9 comments
Assignees
@lucaju @ilovan

Comments

@lucaju
Copy link
Contributor

lucaju commented Apr 13, 2020

Secured connection (https) is gone when using a permalink.

Example: https://dev-cwrc-writer.cwrc.ca/?githubPath=issues%2FCWRC-WriterBase%2F253&githubRepo=ilovan%2FGit-Writer-tests

This might have something to do with Traffik's routers configuration.
@lucaju lucaju self-assigned this Apr 13, 2020
@lucaju
Copy link
Contributor Author

lucaju commented Apr 14, 2020

This seems to happen when there is a call to an HTTP resource from within the document.
In this specific case, there two calls for images one of which is http://cwrc.ca/templates/images/book1.gif Book
The image is embedded in the document but I couldn't find the reference to it.
@ilovan, any idea?

Don't know how to prevent that behaviour either.
@ajmacdonald, any idea?

@ilovan
Copy link

ilovan commented Apr 15, 2020
edited
Loading

the images are referenced in the css with http URLS.
Not a problem in the long run for Orlando documents, but we should make note of it if the problem occurs with other schema-css pairs

@ilovan
Copy link

ilovan commented Apr 15, 2020

It's the same when the image is referenced in the pb element (for side-by-side display)
see https://cwrc-writer.cwrc.ca/?githubPath=document.xml&githubRepo=ilovan%2FT.S.-Eliot---Old-Possum-s-Book-of-Practical-Cats-first-three-poems-

it might be worthwhile if you guys investigate it further, if there are security concerns for the users.

@ilovan ilovan assigned ajmacdonald and unassigned ilovan Apr 15, 2020
@ajmacdonald
Copy link

So this is an example of mixed content. The fix is to specify HTTPS URLs instead of HTTP. I don't think there's much else that can be done about this.

@SusanBrown
Copy link

SusanBrown commented Apr 15, 2020 via email

@lucaju
Copy link
Contributor Author

lucaju commented Apr 16, 2020

Found another source of HTTPS security breach: When using lookups, there are requests to preview the entity directly in the source page. For instance, when mouseover a DBPedia entity.

@lucaju
Copy link
Contributor Author

lucaju commented Aug 5, 2020

@ilovan Can you update the link of these images on the CSS? Instead of HTTP use HTTPS.
e.g.: http://cwrc.ca/templates/images/book1.gif -> https://cwrc.ca/templates/images/book1.gif
Check if there are other images with the same issue.

@lucaju lucaju assigned ilovan and unassigned ajmacdonald Aug 5, 2020
@lucaju
Copy link
Contributor Author

lucaju commented Aug 5, 2020

These are in the Orlando CSS file. I wonder if other CSSs also have images with http.

@lucaju
Copy link
Contributor Author

lucaju commented Jul 16, 2021

@ilovan If you find any other http please replace it for https

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lucaju lucaju

@ilovan ilovan

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@SusanBrown @ajmacdonald @lucaju @ilovan