Mixed-Content Errors when Embedding Cards in HTTPS

The Javascript file that the embedded cards use is always using the HTTP protocol even when served from an HTTPS domain.
<script async src="http://mementoembed.myresearch.institute/static/js/mementoembed-v20180806.js" charset="utf-8"></script>

The browsers are blocking this script because of mixed-content, and hence the card is not rendered correctly.

This issue was realized earlier in #95 and I think the current fix is to run the MementoEmbed server on HTTPS if the cards are to be used in an HTTPS page.

I don't think it always returns an HTTP URI as it utilizes the variable urlroot, but if your tests are shoing that then perhaps there is a bug somewhere.

MementoEmbed/mementoembed/services/product.py

Line 49 in 0e8f812

    
           ) + '<script async src="{}/static/js/mementoembed-v20180806.js" charset="utf-8"></script>'.format(urlroot),

MementoEmbed/mementoembed/services/oembed.py

Lines 70 to 71 in 3f412b5

    
           urlroot = request.url_root 
        
           urlroot = urlroot if urlroot[-1] != '/' else urlroot[0:-1]

The MementoEmbed server is on HTTPS and we are trying to embed the card into another HTTPS page.

We do not see this error at the endpoint: /ui/product/socialcard/. However, we do see it at the endpoint /services/product/socialcard/.

That is certainly a bug then. @shawnmjones should be able to investigate it.

Thanks @ibnesayeed for mentioning #95. @hariharshankar and I spoke about this offline and I asked him to put this ticket in so I could track it.

	urlroot = request.url_root
	urlroot = urlroot if urlroot[-1] != '/' else urlroot[0:-1]