Bug 849076 - openshift drupal cartridge sends links to insecure css and js include files when in https mode
openshift drupal cartridge sends links to insecure css and js include files w...
Status: CLOSED WONTFIX
Product: OpenShift Origin
Classification: Red Hat
Component: Templates (Show other bugs)
2.x
Unspecified Unspecified
medium Severity low
: ---
: ---
Assigned To: Clayton Coleman
libra bugs
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-08-17 04:57 EDT by clive darra
Modified: 2015-05-14 22:03 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-02-12 22:00:12 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description clive darra 2012-08-17 04:57:35 EDT
Description of problem:
openshift drupal cartridge sends links to insecure include files in https mode

Version-Release number of selected component (if applicable):


How reproducible:
everytime

Steps to Reproduce:
1. build a openshift drupal vm
2. run google chrome browser
3. goto https version of site (ie https://drupal-osde8info.rhcloud.com/)
  
Actual results:
layout is badly broken because chrome is blocking insecure css and js files

<style type="text/css" media="all">@import url("http://drupal-osde8info.rhcloud.com/modules/system/system.base.css?lp434t");
@import url("http://drupal-osde8info.rhcloud.com/modules/system/system.menus.css?lp434t");
@import url("http://drupal-osde8info.rhcloud.com/modules/system/system.messages.css?lp434t");
@import url("http://drupal-osde8info.rhcloud.com/modules/system/system.theme.css?lp434t");</style>

<script type="text/javascript" src="http://drupal-osde8info.rhcloud.com/misc/jquery.js?v=1.4.4"></script>
<script type="text/javascript" src="http://drupal-osde8info.rhcloud.com/misc/jquery.once.js?v=1.2"></script>
<script type="text/javascript" src="http://drupal-osde8info.rhcloud.com/misc/drupal.js?lp434t"></script>
<script type="text/javascript">

Expected results:

https layout should be same as http layout

includes should all be prefixed with https instead of http

Additional info:

might be upstream drupal issue ?

workaround use seamonkey instead of chrome
Comment 1 Clayton Coleman 2012-08-19 21:55:47 EDT
This could be specific to the apache config in the quickstart.  Vojtek might be a good candidate to look at this.
Comment 3 Vojtech Vitek 2012-08-22 14:34:29 EDT
Seems like the website uses insecure content from external sites (javascript fonts etc.) - so it's not about Apache settings.

The external links should be switched to https:// as well, if possible, or the files should be downloaded and served internally using secure connection.

From Chrome console:
> The page at https://www.alfresco.com/news/press-releases ran insecure content from http://use.typekit.com/lwe1pzs.js.
> The page at https://www.alfresco.com/news/press-releases ran insecure content from http://s7.addthis.com/js/250/addthis_widget.js.
> The page at https://www.alfresco.com/news/press-releases ran insecure content from http://use.typekit.com/lwe1pzs.js.
> The page at https://www.alfresco.com/news/press-releases ran insecure content from http://s7.addthis.com/js/250/addthis_widget.js.
> The page at https://www.alfresco.com/news/press-releases displayed insecure content from http://tags.w55c.net/rs?id=e1f1336c2994484b8581404a67ce0a0b&t=marketing.
> The page at https://www.alfresco.com/news/press-releases displayed insecure content from http://www.googleadservices.com/pagead/conversion/1033198129/?value=0&label=5QX4CN2IggMQsbTV7AM&guid=ON&script=0.
> The page at https://www.alfresco.com/news/press-releases displayed insecure content from http://ad.yieldmanager.com/pixel?adv=724740&code=0AfHwCAxgc&t=2.
> The page at https://www.alfresco.com/news/press-releases displayed insecure content from http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1033198129/?value=0&label=5QX4CN2IggMQsbTV7AM&guid=ON&script=0&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false.
Comment 4 Vojtech Vitek 2012-08-23 18:25:16 EDT
Re-assigning to Clayton, as I can't help here.

Imho, this issue is not related to the Drupal Cartridge but to the front-end of the Drupal site (js files and/or alfrescodotcom theme).
Comment 5 clive darra 2012-08-24 04:48:38 EDT
sorry it looks like i've added some confusion here by mentioning a third party drupal site that does work

i am not worried at all about external links only openshift drupal internal links that are not secure

perhaps this makes it clearer

openshift drupal apps in https mode generate

<style type="text/css" media="all">
@import url("http://drupal-osde8info.rhcloud.com/modules/system/system.base.css?lp434t");
@import url("http://drupal-osde8info.rhcloud.com/modules/system/system.menus.css?lp434t");
@import url("http://drupal-osde8info.rhcloud.com/modules/system/system.messages.css?lp434t");
@import url("http://drupal-osde8info.rhcloud.com/modules/system/system.theme.css?lp434t");</style>

<script type="text/javascript" src="http://drupal-osde8info.rhcloud.com/misc/jquery.js?v=1.4.4"></script>
<script type="text/javascript" src="http://drupal-osde8info.rhcloud.com/misc/jquery.once.js?v=1.2"></script>
<script type="text/javascript" src="http://drupal-osde8info.rhcloud.com/misc/drupal.js?lp434t"></script>
<script type="text/javascript">

where they should generate 

<style type="text/css" media="all">
@import url("https://drupal-osde8info.rhcloud.com/modules/system/system.base.css?lp434t");
@import url("https://drupal-osde8info.rhcloud.com/modules/system/system.menus.css?lp434t");
@import url("https://drupal-osde8info.rhcloud.com/modules/system/system.messages.css?lp434t");
@import url("https://drupal-osde8info.rhcloud.com/modules/system/system.theme.css?lp434t");</style>

<script type="text/javascript" src="https://drupal-osde8info.rhcloud.com/misc/jquery.js?v=1.4.4"></script>
<script type="text/javascript" src="https://drupal-osde8info.rhcloud.com/misc/jquery.once.js?v=1.2"></script>
<script type="text/javascript" src="https://drupal-osde8info.rhcloud.com/misc/drupal.js?lp434t"></script>
<script type="text/javascript">

ps openshift wordpress apps work correctly
Comment 6 Clayton Coleman 2013-02-12 22:00:12 EST
This is an upstream problem and is out of our hands.  Should be opened against Drupal core.

Note You need to log in before you can comment on or make changes to this bug.