Re: HTTPS project sites

> Would love to see Infra providing a 'how many hardcoded http/https' > > > > report > > > > > for each subdomain :) > > > > > > > > > > Hen > > > > > > > > > > On Fri, Jan 13, 2017 at 5:18 PM, Christopher > > > > wrote: > > > > > > > > > > >

Re: HTTPS project sites

; > > > > > Hen > > > > > > > > On Fri, Jan 13, 2017 at 5:18 PM, Christopher > > > wrote: > > > > > > > > > In most cases, the project developers should just make sure their > > > > > JavaScript and CSS resources in their page po

Re: HTTPS project sites

gt; JavaScript and CSS resources in their page point to an HTTPS version. > > > They > > > > don't actually need to point to the HTTP location. > > > > > > > > On Fri, Jan 13, 2017, 20:06 Martin Gainty > wrote: > > > > > > > &

Re: HTTPS project sites

sure their > > > JavaScript and CSS resources in their page point to an HTTPS version. > > They > > > don't actually need to point to the HTTP location. > > > > > > On Fri, Jan 13, 2017, 20:06 Martin Gainty wrote: > > > > > > > >

Re: HTTPS project sites

> > > > > > > > > > ________________ > > > From: Christopher > > > Sent: Friday, January 13, 2017 1:17 PM > > > To: general@incubator.apache.org > > > Subject: Re: HTTPS project sites > > > > > > N

Re: HTTPS project sites

> > From: Christopher > > Sent: Friday, January 13, 2017 1:17 PM > > To: general@incubator.apache.org > > Subject: Re: HTTPS project sites > > > > No, I did not. This issue has nothing to do with same origin policy > (which > > most

Re: HTTPS project sites

Christopher, You can skip the protocol portion of the URL, and only include // http://stackoverflow.com/questions/550038/is-it-valid-to-replace-http-with-in-a-script-src-http John On Fri, Jan 13, 2017 at 12:34 PM Christopher wrote: > Hi incubating projects, > > I noticed today that at least o

Re: HTTPS project sites

___ > From: Christopher > Sent: Friday, January 13, 2017 1:17 PM > To: general@incubator.apache.org > Subject: Re: HTTPS project sites > > No, I did not. This issue has nothing to do with same origin policy (which > most users should never try to disable). It's about mixed c

Re: HTTPS project sites

From: Christopher Sent: Friday, January 13, 2017 1:17 PM To: general@incubator.apache.org Subject: Re: HTTPS project sites No, I did not. This issue has nothing to do with same origin policy (which most users should never try to disable). It's about

Re: HTTPS project sites

No, I did not. This issue has nothing to do with same origin policy (which most users should never try to disable). It's about mixed content. Accessing a site via https can give a false sense of security if the site itself depends on non-https content. In the past, many browsers would just show a

Re: HTTPS project sites

Hi Christopher did you try disabling default x-domain block for XHR request originating from Chrome? https://joshuamcginnis.com/2011/02/28/how-to-disable-same-origin-policy-in-chrome/ How to: Disable Same-Origin Policy in Chrome | Josh McGinnis