Problem/Motivation
When Shiny is installed on a site that uses SSL, some browsers will display an insecure data warning because of the link to Open Sans hosted on Google Fonts. This warning can vary in scale from degrading quietly in Chrome all the way to a full warning dialogue in Firefox and other browsers.
Proposed resolution
Rather than include the protocol in the @import statement of the CSS, as it currently is, I propose making this a non-specific protocol version. This will enable the browser to adapt the link depending on the protocol of the referring URL. A standard non-secure site will use the http protocol while an SSL site will use the https protocol, thus eliminating the error.
Remaining tasks
I've attached a quick patch that is ready for review.
File | Size | Author |
---|---|---|
insecure-content-warning.patch | 740 bytes | Ignigena |
Comments
Comment #1
Damien Tournoud commented:
Yep, that's a stupid oversight.
Comment #2
dudenhofer commented:
Applied the patch here http://drupalcode.org/project/shiny.git/commit/e28be31
Comment #4
timaholt commented:
Hey, I opened what turns out to be a related ticket: http://drupal.org/node/1975138
Making this protocol agnostic now breaks CSS aggregation, because the aggregation assumes the // is a local file, doesn't find it, and drops the @import line altogether.
Comment #5
Ignigena commented:
Marking this as fixed since the CSS aggregation is a separate issue located at #1975138: CSS Aggregation breaks @import rule for Open Sans font
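
The following check is an added example, not part of the thread or of the Shiny theme's code. It resolves each `@import`/`url()` reference in a stylesheet against the page URL the way a browser does, flagging explicit `http://` references that become mixed content on an HTTPS page and the protocol-relative form proposed above, which comment #4 reports CSS aggregation dropping. The sample stylesheet, `audit_css` and the `example.com` page URLs are constructed for illustration.

```python
import re
from urllib.parse import urljoin, urlsplit

# Matches @import "..."; @import url(...); and plain url(...) references.
CSS_REF = re.compile(
    r"""(?:@import\s+(?:url\(\s*)?|url\(\s*)["']?([^"')\s;]+)""",
    re.IGNORECASE,
)

# Constructed sample: both import styles discussed in the issue, plus a local asset.
SAMPLE_CSS = """
@import url(http://fonts.googleapis.com/css?family=Open+Sans);
@import url(//fonts.googleapis.com/css?family=Open+Sans);
body { background: url(images/bg.png); }
"""


def audit_css(css, page_url):
    """Return (reference, resolved_url, verdict) for each non-local reference."""
    page_is_https = urlsplit(page_url).scheme == "https"
    findings = []
    for ref in CSS_REF.findall(css):
        # urljoin applies the same RFC 3986 resolution a browser uses, so a
        # "//host/path" reference inherits the scheme of the referring page.
        resolved = urljoin(page_url, ref)
        if ref.startswith("//"):
            # Safe for mixed content, but check that the CSS aggregator
            # does not treat it as a local path (see comment #4).
            verdict = "protocol-relative"
        elif not urlsplit(ref).scheme:
            continue  # local file: always served with the page's own scheme
        elif page_is_https and urlsplit(resolved).scheme == "http":
            verdict = "mixed-content"
        else:
            verdict = "ok"
        findings.append((ref, resolved, verdict))
    return findings


if __name__ == "__main__":
    for page in ("https://example.com/admin", "http://example.com/admin"):
        print(page)
        for ref, resolved, verdict in audit_css(SAMPLE_CSS, page):
            print(f"  {verdict:17} {ref} -> {resolved}")
```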