1999-project icon indicating copy to clipboard operation
1999-project copied to clipboard
verified publisher icon scripting

Insecure content not loaded on websites using HSTS

Open txtsd opened this issue 9 years ago • 0 comments

Description of the problem

I serve my website exclusively over https using Strict Transport Security (HSTS). 1999 requests several resources explicitly over http, creating mixed content errors. The content can only be served over https so the resources are blocked in the browser.

Steps to reproduce
  1. [First step] Set up a server (nginx) and configure HSTS
  2. [Second step] Set up the server (nginx) to reverse proxy to the 1999 server
  3. [Third Step] Visit the website you just set up and you'll see these errors in your browser
What you expected to happen

The website and its resources from fargo.io should've loaded normally

Other data

OS: Archlinux Browser: Chrome v52.0.2743.33 beta (64-bit)

txtsd avatar Jun 18 '16 19:06 txtsd