scripting/river5

Don't include external script only available on http

Closed this issue · 4 comments

I tried to install River on my server, which uses https, so my browser refused to fetch scripts from fargo.io, because of mixed content rules.

From a security point of view, it would also be better to include these scripts in the repository of river5, to prevent attacks if files on fargo.io are modified.

You can configure it to load the text of the home page from wherever you like.

Look on the configuration page in docs.

Also, pretty sure there's a copy of the home page in the misc folder.

On Wednesday, February 10, 2016, Clochix notifications@github.com wrote:

I tried to install River on my server, which uses https, so my browser
refused to fetch scripts from fargo.io, because of mixed content rules.

From a security point of view, it would also be better to include these
scripts in the repository of river5, to prevent attacks if files on
fargo.io are modified.



Typed on an iPad with fat fingers.

Thanks for your answer. In fact, the problem is not the homepage, but the scripts it includes, which are not available over https. Anyway, I will download each of them and serve them from my server.

gka commented

There are a lot of assets loaded via http from http://fargo.io, including CSS files that make River5 look bad on mobile devices (horizontal scrolling). I think all the assets should be moved into the river5 repository.

@clochix Did you by any chance try to provide the scripts from within the nodejs server started by river5? Or did you provide them on some other server?
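
Added example, not part of the thread or of the River5 code base: a Node.js check that lists the subresources in a home page which an HTTPS deployment would request over plain HTTP, that is, the files to download and serve locally as discussed above. The function name, the sample HTML and its `placeholder` paths are constructed for illustration.

```javascript
// Constructed sample page; the paths are placeholders, not River5's real files.
const SAMPLE_HTML = `
<html><head>
<script src="http://fargo.io/placeholder/app.js"></script>
<SCRIPT type="text/javascript" SRC='HTTP://fargo.io/placeholder/util.js'></SCRIPT>
<link rel="stylesheet" href="http://fargo.io/placeholder/style.css">
<link rel="stylesheet" href="https://example.com/ok.css">
<script src="/local/vendor.js"></script>
<script src="//fargo.io/placeholder/relative.js"></script>
</head><body>
<a href="http://fargo.io/">navigation link, not a subresource</a>
<img src="http://fargo.io/placeholder/logo.png">
</body></html>`;

// Tags that trigger a fetch at page load, and the attribute holding the URL.
const FETCHING_TAGS = { script: "src", link: "href", iframe: "src", img: "src" };

// Hypothetical helper: returns every subresource referenced with an explicit
// http:// scheme. Relative and protocol-relative (//host/...) URLs inherit
// the page's scheme, so they are not mixed content and are not reported.
function findInsecureSubresources(html) {
  const findings = [];
  const tagRe = /<(script|link|iframe|img)\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const tag = m[1].toLowerCase();
    const attrs = m[2];
    // Accept double-quoted, single-quoted and unquoted attribute values.
    const attrRe = new RegExp(
      "(?:^|\\s)" + FETCHING_TAGS[tag] +
      "\\s*=\\s*(?:\"([^\"]*)\"|'([^']*)'|([^\\s>]+))", "i");
    const a = attrRe.exec(attrs);
    if (!a) continue;
    const url = (a[1] ?? a[2] ?? a[3]).trim();
    if (!/^http:\/\//i.test(url)) continue;
    // Only stylesheet links are treated as subresources here.
    if (tag === "link" &&
        !/(?:^|\s)rel\s*=\s*["']?[^"'>]*\bstylesheet\b/i.test(attrs)) continue;
    // Scripts, stylesheets and iframes are active mixed content, which
    // browsers block outright; images are passive content.
    findings.push({ tag, url, kind: tag === "img" ? "passive" : "active" });
  }
  return findings;
}

for (const f of findInsecureSubresources(SAMPLE_HTML)) {
  console.log(`${f.kind}\t<${f.tag}>\t${f.url}`);
}
```

Serving the reported files from the same origin removes the mixed content errors and also means a later change to the files on the remote host no longer changes what the page executes.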