HTTPs "Mixed Content" Bugs


#1

Chrome canceld Mixed Content :wink:

Analytics:

Mixed Content: The page at ‘https://codecombat.com/’ was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint ‘http://analytics.codecombat.com/analytics’. This request has been blocked; the content must be served over HTTPS.

At Game:

Mixed Content: The page at ‘https://codecombat.com/play/level/gold-rush?team=ogres&opponent=539c88756e1d923105078f04’ was loaded over HTTPS, but requested an insecure resource ‘http://ghbtns.com/github-btn.html?user=codecombat&repo=codecombat&type=watch&count=true’. This request has been blocked; the content must be served over HTTPS.

And:

Mixed Content: The page at ‘https://codecombat.com/play/ladder/gold-rush#my-matches’ was loaded over HTTPS, but requested an insecure resource ‘http://ghbtns.com/github-btn.html?user=codecombat&repo=codecombat&type=watch&count=true’. This request has been blocked; the content must be served over HTTPS.

You can use:

://www.mydomain.de

So the call uses the same protocol as the page.


#2

Thanks–tracking the bug over here on GitHub: https://github.com/codecombat/codecombat/issues/2505