Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Good Morning,
I have just tried installing an SSL Certificate on a site which told me that there were unsecure items on the page. I have traced this to the Google Fonts import. Upon changing this in the style.css file my site is now secure. Maybe this should be changed in the source.
I then tried my website on the http connection and everything works correctly - so they can be entered as https:// in the css.
Bryn
Comment | File | Size | Author |
---|---|---|---|
#9 | insecure-warnings-google-fonts-ssl-1670748-7104150-2.patch | 1.21 KB | Danny Englander |
#8 | insecure-warnings-google-fonts-ssl-1670748-7104150.patch | 1.12 KB | Danny Englander |
Comments
Comment #1
devsaran CreditAttribution: devsaran commentedFor SSL,
You need to do code changes in style.css.. Change from
to
Comment #2
Homotechsual CreditAttribution: Homotechsual commentedYou can also download the font packages from Google Web Fonts and host these locally to reduce cross-site requests.
Comment #3
alibama CreditAttribution: alibama commentedconfirmed that #1 works fine - any reason not to commit this or is there a better solution all together?
Thanks
ap
Comment #4
Homotechsual CreditAttribution: Homotechsual commentedThe reason not to commit this is that not everyone wants SSL webfonts. This needs to become a theme option if it's committed with a simple on/off switch.
Failing that - bundle the google webfonts used into the theme. This is permitted as most google webfonts are GPL licensed afaik.
Comment #5
Danny EnglanderActually the proper way to do this so it will work with secure and non secure sites is to take off the http(s) entirely. It's best done as a template preprocess function. For example:
I'm not sure if this will work as @import though. I solved a recent issue for my theme this way:
#1921294: Google Fonts cause unsecure warnings when using SSL
Comment #6
Homotechsual CreditAttribution: Homotechsual commentedhighrockmedia That's great advice!
Comment #7
Danny EnglanderGoing to open this back up to supply a proper patch when I have some time.
Comment #8
Danny EnglanderHere is a patch for this. If we could get someone to test this with SSL, it would be great. I tested and did not have any issues but I did not have an SSL environment to test with. However, it should be fine otherwise.
Also to saran.quardz, the maintainer of this theme, when you commit this patch, please be sure to give proper attribution as such:
--author="highrockmedia <highrockmedia@406120.no-reply.drupal.org>"
You need to pass this option to
git commit
If you have questions about this, see: Adding a commit author
Thank you.
Comment #9
Danny EnglanderUpdating patch to include all the fonts that had been in style.css (added 'Bitter'). Disregard the patch from #8 above.