Description of problem: openshift drupal cartridge sends links to insecure include files in https mode Version-Release number of selected component (if applicable): How reproducible: everytime Steps to Reproduce: 1. build a openshift drupal vm 2. run google chrome browser 3. goto https version of site (ie https://drupal-osde8info.rhcloud.com/) Actual results: layout is badly broken because chrome is blocking insecure css and js files <style type="text/css" media="all">@import url("http://drupal-osde8info.rhcloud.com/modules/system/system.base.css?lp434t"); @import url("http://drupal-osde8info.rhcloud.com/modules/system/system.menus.css?lp434t"); @import url("http://drupal-osde8info.rhcloud.com/modules/system/system.messages.css?lp434t"); @import url("http://drupal-osde8info.rhcloud.com/modules/system/system.theme.css?lp434t");</style> <script type="text/javascript" src="http://drupal-osde8info.rhcloud.com/misc/jquery.js?v=1.4.4"></script> <script type="text/javascript" src="http://drupal-osde8info.rhcloud.com/misc/jquery.once.js?v=1.2"></script> <script type="text/javascript" src="http://drupal-osde8info.rhcloud.com/misc/drupal.js?lp434t"></script> <script type="text/javascript"> Expected results: https layout should be same as http layout includes should all be prefixed with https instead of http Additional info: might be upstream drupal issue ? workaround use seamonkey instead of chrome
This could be specific to the apache config in the quickstart. Vojtek might be a good candidate to look at this.
comparing http://www.alfresco.com/news/press-releases to https://www.alfresco.com/news/press-releases shows you what should happen when a drupal site is switched from http to https view-source:https://www.alfresco.com/news/press-releases <style>@import url("https://www.alfresco.com/modules/system/system.base.css?m924uy"); @import url("https://www.alfresco.com/modules/system/system.menus.css?m924uy"); @import url("https://www.alfresco.com/modules/system/system.messages.css?m924uy"); @import url("https://www.alfresco.com/modules/system/system.theme.css?m924uy");</style> <style media="screen">@import url("https://www.alfresco.com/sites/www/modules/contrib/qtip/library/jquery.qtip.css?m924uy"); @import url("https://www.alfresco.com/sites/www/modules/contrib/qtip/css/qtip.css?m924uy");</style> <style>@import url("https://www.alfresco.com/modules/aggregator/aggregator.css?m924uy"); @import url("https://www.alfresco.com/modules/comment/comment.css?m924uy"); @import url("https://www.alfresco.com/sites/www/modules/contrib/date/date_api/date.css?m924uy"); @import url("https://www.alfresco.com/sites/www/modules/contrib/date/date_popup/themes/datepicker.1.7.css?m924uy"); @import url("https://www.alfresco.com/modules/field/theme/field.css?m924uy"); @import url("https://www.alfresco.com/modules/node/node.css?m924uy");
Seems like the website uses insecure content from external sites (javascript fonts etc.) - so it's not about Apache settings. The external links should be switched to https:// as well, if possible, or the files should be downloaded and served internally using secure connection. From Chrome console: > The page at https://www.alfresco.com/news/press-releases ran insecure content from http://use.typekit.com/lwe1pzs.js. > The page at https://www.alfresco.com/news/press-releases ran insecure content from http://s7.addthis.com/js/250/addthis_widget.js. > The page at https://www.alfresco.com/news/press-releases ran insecure content from http://use.typekit.com/lwe1pzs.js. > The page at https://www.alfresco.com/news/press-releases ran insecure content from http://s7.addthis.com/js/250/addthis_widget.js. > The page at https://www.alfresco.com/news/press-releases displayed insecure content from http://tags.w55c.net/rs?id=e1f1336c2994484b8581404a67ce0a0b&t=marketing. > The page at https://www.alfresco.com/news/press-releases displayed insecure content from http://www.googleadservices.com/pagead/conversion/1033198129/?value=0&label=5QX4CN2IggMQsbTV7AM&guid=ON&script=0. > The page at https://www.alfresco.com/news/press-releases displayed insecure content from http://ad.yieldmanager.com/pixel?adv=724740&code=0AfHwCAxgc&t=2. > The page at https://www.alfresco.com/news/press-releases displayed insecure content from http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1033198129/?value=0&label=5QX4CN2IggMQsbTV7AM&guid=ON&script=0&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false.
Re-assigning to Clayton, as I can't help here. Imho, this issue is not related to the Drupal Cartridge but to the front-end of the Drupal site (js files and/or alfrescodotcom theme).
sorry it looks like i've added some confusion here by mentioning a third party drupal site that does work i am not worried at all about external links only openshift drupal internal links that are not secure perhaps this makes it clearer openshift drupal apps in https mode generate <style type="text/css" media="all"> @import url("http://drupal-osde8info.rhcloud.com/modules/system/system.base.css?lp434t"); @import url("http://drupal-osde8info.rhcloud.com/modules/system/system.menus.css?lp434t"); @import url("http://drupal-osde8info.rhcloud.com/modules/system/system.messages.css?lp434t"); @import url("http://drupal-osde8info.rhcloud.com/modules/system/system.theme.css?lp434t");</style> <script type="text/javascript" src="http://drupal-osde8info.rhcloud.com/misc/jquery.js?v=1.4.4"></script> <script type="text/javascript" src="http://drupal-osde8info.rhcloud.com/misc/jquery.once.js?v=1.2"></script> <script type="text/javascript" src="http://drupal-osde8info.rhcloud.com/misc/drupal.js?lp434t"></script> <script type="text/javascript"> where they should generate <style type="text/css" media="all"> @import url("https://drupal-osde8info.rhcloud.com/modules/system/system.base.css?lp434t"); @import url("https://drupal-osde8info.rhcloud.com/modules/system/system.menus.css?lp434t"); @import url("https://drupal-osde8info.rhcloud.com/modules/system/system.messages.css?lp434t"); @import url("https://drupal-osde8info.rhcloud.com/modules/system/system.theme.css?lp434t");</style> <script type="text/javascript" src="https://drupal-osde8info.rhcloud.com/misc/jquery.js?v=1.4.4"></script> <script type="text/javascript" src="https://drupal-osde8info.rhcloud.com/misc/jquery.once.js?v=1.2"></script> <script type="text/javascript" src="https://drupal-osde8info.rhcloud.com/misc/drupal.js?lp434t"></script> <script type="text/javascript"> ps openshift wordpress apps work correctly
This is an upstream problem and is out of our hands. Should be opened against Drupal core.