[ic] area tag and https
Angus Rogerson
arogerso at uwaterloo.ca
Sun Aug 9 02:53:18 UTC 2015
On 2015-08-08, at 9:26 PM, DB wrote:
> I'm in the process of getting all of my IC5 pages to use https instead
> of http. I've made good progress, but had a question.
>
> For some search results pages I'm getting a browser warning like:
> Mixed Content: The page at 'https://domain.com/brand.html' was loaded
> over a secure connection, but contains a form which targets an insecure
> endpoint 'http://domain.com/nothing.html'....
>
> In the results.html page I found:
> <FORM ACTION="[area nothing]" METHOD=POST>
>
> If I change that to
> <FORM ACTION="[area nothing secure=1]" METHOD=POST> I get instead:
> Mixed Content: The page at 'https://domain.com/brand.html' was loaded
> over a secure connection, but contains a form which targets an insecure
> endpoint 'http://domain.com/nothing.html?mv_arg=secure%3d1'....
>
> Now if I use
> <FORM ACTION="https://domain.com/nothing.html" METHOD=POST>
>
> Then things work and I get no warning, but there must be a better way,
> no? Thanks for any thoughts.
>
> DB
>
> _______________________________________________
> interchange-users mailing list
> interchange-users at icdevgroup.org
> http://www.icdevgroup.org/mailman/listinfo/interchange-users
The area tag is probably confused about which parameter is which. It thinks that secure=1 is an mv_arg. I would try something like:
[area href=nothing secure=1]
Also consider the config directive AlwaysSecure http://www.icdevgroup.org/docs/confs/AlwaysSecure.html
and ExtraSecure http://www.icdevgroup.org/docs/confs/ExtraSecure.html
I'm pretty sure that AlwaysSecure accepts a wildcard * so [area ] always generates an https link, assuming you have a secure URL in the catalog directive.
HTH
Angus
---
Angus Rogerson, BMath, BScN, RN
Duct Tape Programmer
University of Waterloo | Retail Services | Information Systems
Visit Us Online & Right On Campus www.retailservices.uwaterloo.ca
More information about the interchange-users
mailing list