hashover-next
hashover-next copied to clipboard
jacobwb
comments.css and HTTPS
HTTPS is not applied when loading comments.css. so, I had to use a separate HTTPS calibration script (https://github.com/gnh1201/alwayshttps/blob/master/alwayshttps.js). How to fix it in HashOver?
error log (in chrome)
Mixed Content: The page at 'https://mywebsite.local/foo/bar/123' was loaded over HTTPS, but requested an insecure stylesheet 'http://hashover.local/hashover/themes/default/comments.css'. This request has been blocked; the content must be served over HTTPS.
By default, HashOver adds the CSS file using a relative path, so it should use HTTPS if the page is HTTPS, the exception is if HashOver is used remotely, which might be the case here.
I have fixed an issue in detecting HTTPS in remote contexts. This might fix the issue for you.
Please give it a try and let me know.
Can you create a file with the following code, run it on your server, and post the results?
<?php
header ('Content-Type: text/plain');
$info = array ();
$headers = array (
'HTTPS',
'HTTP_X_FORWARDED_SSL',
'HTTP_FRONT_END_HTTPS',
'HTTP_X_FORWARDED_PROTO',
'HTTP_X_FORWARDED_PROTOCOL',
'SERVER_PORT'
);
foreach ($headers as $key) {
if (!empty ($_SERVER[$key])) {
$info[$key] = $_SERVER[$key];
}
}
var_dump ($info);
I think HTTPS might be 1 on your setup, or you're using a port number other than 443 for SSL.
I'm currently looking into how different servers handle HTTPS setup so that I can further generalize the code to support more systems and server software.
I had this problem, fixed it by adding the variable HTTPS with value 'on'.
I'm using nginx with ISPConfig. Looks like nginx does not have this "HTTPS" variable.
I just added fastcgi_param HTTPS 'on'; inside the location @php{ block in the site config area in ISPConfig.
