Request #35869

From: [personal profile] marahmarie
Account Type: Free Account
Dreamwidth: Account Name: [personal profile] marahmarie
Style: (S2) core: public, i18n: none, i18nc: none, layout: public, theme: custom, user: custom
Email confirmed? Yes
cluster: 8; data version: 9
scheme: tropo-red
Media storage used: 24.551 MB (4.9%)
Support category: Site Interface
Time posted: Tue, 28 Feb 2017 23:06:22 GMT (29 weeks ago)
Status: closed (4 points to [personal profile] jennifer)
Summary: [HTTPS Beta] connection not secure on custom s2 style URLs
Original Request:
Getting the yellow "connection not secure" triangle in the Firefox URL bar with DW's HTTPS Beta enabled while logged into DW, but only on custom s2 styles, like so (image): https://marahmarie.dreamwidth.org/file/32998.png

Affects all custom s2 styles I have:
https://marahmarie.dreamwidth.org/?s2id=2111002
https://marahmarie.dreamwidth.org/?s2id=1023574 (and this one never stops loading, for some reason)
https://marahmarie.dreamwidth.org/?s2id=2107492

DW styles I haven't edited found in my Styles list don't have this problem:
https://marahmarie.dreamwidth.org/?s2id=2124522
https://marahmarie.dreamwidth.org/?s2id=1414619
https://marahmarie.dreamwidth.org/?s2id=2109334
https://marahmarie.dreamwidth.org/?s2id=127832

The screenshot is logged in but with cookies disabled to hide protected posts from the screen capture. Happens with or without cookies enabled, while logged in or logged out on the affected pages.
Diagnostics: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0
[personal profile] marahmarie - MM Writes
Comment (#93457)
Posted: Tue, 28 Feb 2017 23:15:35 GMT (29 weeks ago)

Also happens while logged into DW on Chrome latest and Opera latest, and in all three browsers (including Firefox) while logged in or out, and happens whether the HTTPS Everywhere add-on is enabled in any of them, or not.

[personal profile] marahmarie - MM Writes
Comment (#93458)
Posted: Tue, 28 Feb 2017 23:23:59 GMT (29 weeks ago)

If it helps any, Chrome starts to show a green, secure padlock as the affected s2 style pages load, then changes it to the small "i" with an information warning when you click on it which says: "Your connection to this site is not fully secure". I've watched the switch from green padlock to small "i" happen three times so I'm thinking something is just not "hand-shaking" properly, but as I said on my last HTTPS Beta request, I can't guess what's going on under the hood.

[personal profile] jennifer - Jennifer
Answer (#93481)
Posted: Wed, 01 Mar 2017 20:08:57 GMT (29 weeks ago)

Hi marahmarie,

It looks like your custom styles are using content loaded insecurely from sites such as imgur.com and photobucket.com. Try making sure all the style resources are being loaded from sites that support HTTPS.

Best,
--Jen

[personal profile] marahmarie - MM Writes
Comment (#93503)
Posted: Thu, 02 Mar 2017 13:34:20 GMT (29 weeks ago)

Hi Jen,

Thanks for the reply. That might be the case, but I thought I saw where Denise said somewhere on the site that it shouldn't matter if insecure (http:// or a mix of that and https://) content is being served say, on your Reading page, because all content on Dreamwidth is supposed to get run through "a proxy" now. I take it this proxy is what would convert http:// to https:// content. Which is the only reason I filed this request: based on what I thought she had said, it seemed I should make this report in the interest of pointing out any apparently non-proxied content to the staff.

[personal profile] marahmarie - MM Writes
Comment (#93504)
Posted: Thu, 02 Mar 2017 13:40:49 GMT (29 weeks ago)

OK, just re-read the last News post again. Apparently I missed (or forgot about reading) this:

"Note: If you have a journal background image or custom mood theme that's accessed via HTTP and not HTTPS, you'll get a mixed content warning. To fix it, replace the image links with HTTPS versions, or host them on Dreamwidth."

So we're not proxying CSS, it seems. My bad! I'll close this ASAP, I just wanted to point out my mistake before doing so, and apologize. Thanks again for your reply.
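
The check that the answer and the quoted News note call for, as an added example (not part of the original thread and not Dreamwidth code): scan a custom stylesheet for resources referenced over http://, which are what trigger the mixed content warning on an HTTPS page. The function name, the sample CSS and every URL in it are constructed for illustration.

```javascript
// Added example: list http:// subresources referenced by a custom stylesheet.
// findInsecureStyleRefs and SAMPLE_CSS are hypothetical names; all URLs are constructed.
function findInsecureStyleRefs(cssText) {
  // Blank out comments but keep newlines so reported line numbers stay correct.
  const css = cssText.replace(/\/\*[\s\S]*?\*\//g, (c) => c.replace(/[^\n]/g, " "));
  // Matches url(...) with optional quotes, or @import "..." / @import '...'.
  const pattern = /url\(\s*(["']?)([^"')]*?)\1\s*\)|@import\s+(["'])([^"']+)\3/gi;
  const findings = [];
  let m;
  while ((m = pattern.exec(css)) !== null) {
    const isUrlFn = m[2] !== undefined;
    const ref = (isUrlFn ? m[2] : m[4]).trim();
    // https:, data: and relative references do not cause mixed content.
    if (!/^http:\/\//i.test(ref)) continue;
    let host;
    try {
      host = new URL(ref).hostname;
    } catch (e) {
      host = "(unparseable)";
    }
    const line = css.slice(0, m.index).split("\n").length;
    findings.push({ line, host, url: ref, kind: isUrlFn ? "url()" : "@import" });
  }
  return findings;
}

// Constructed sample stylesheet (not taken from the journal in this request).
const SAMPLE_CSS = [
  "/* old header: url(http://photobucket.com/constructed/old.png) */",
  "body { background: url(http://imgur.com/constructed-bg.png) repeat; }",
  "#header { background-image: url('https://imgur.com/constructed-header.png'); }",
  ".entry { list-style-image: URL( \"http://photobucket.com/constructed/bullet.gif\" ); }",
  "@import 'http://example.com/constructed-extra.css';",
  ".icon { background: url(data:image/gif;base64,R0lGODlhAQABAAAAACw=); }",
].join("\n");

for (const f of findInsecureStyleRefs(SAMPLE_CSS)) {
  console.log(`line ${f.line}: ${f.kind} loads ${f.url} (host ${f.host}) over plain HTTP`);
}
```

Each reported reference needs an https:// version of the same URL, or the file re-hosted on Dreamwidth, before the page loads without the warning.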

