New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix : mixed content of custom emoji #5033

Closed
wants to merge 1 commit into
base: master
from

Conversation

Projects
None yet
2 participants
@syui
Contributor

syui commented Sep 21, 2017

Problem

My instance, since the URL of custom emoji is http://, there was a mixed content problem.

This commit is to fix it.

img src : http://xxx/emoji.png -> //xxx/emoji.png

I am not using AWS S3.

Find and fix mixed content

https://developers.google.com/web/fundamentals/security/prevent-mixed-content/fixing-mixed-content

Error message

Mixed Content: The page at 'https://${host}/${user}' was loaded over HTTPS, but requested an insecure video 'http://${host}/system/custom_emojis/images/000/000/xxx/original/coolcat.png'. This content should also be served over HTTPS.

Page where the problem occurred

public user page.

url : https://${host}/@user, example : https://mstdn.syui.cf/@syui

Before

<img draggable="false" class="emojione" alt=":coolcat:" title=":coolcat:" src="http://${host}/system/custom_emojis/images/000/000/xxx/original/coolcat.png?xxxxxxx">

After

img src : http:// -> //

<img draggable="false" class="emojione" alt=":coolcat:" title=":coolcat:" src="//${host}/system/custom_emojis/images/000/000/xxx/original/coolcat.png?xxxxxxx">
@Gargron

This comment has been minimized.

Show comment
Hide comment
@Gargron

Gargron Sep 21, 2017

Member

Are you sure you have set LOCAL_HTTPS=true?

The custom emoji path is not generated differently than avatars, headers, media attachments, etc. This PR should not be necessary.

Member

Gargron commented Sep 21, 2017

Are you sure you have set LOCAL_HTTPS=true?

The custom emoji path is not generated differently than avatars, headers, media attachments, etc. This PR should not be necessary.

@syui

This comment has been minimized.

Show comment
Hide comment
@syui

syui Sep 21, 2017

Contributor

@Gargron
In my environment did not work LOCAL_HTTPS = true.

  • heroku + cloudflare

It may be similar to this symptom. #1011

Contributor

syui commented Sep 21, 2017

@Gargron
In my environment did not work LOCAL_HTTPS = true.

  • heroku + cloudflare

It may be similar to this symptom. #1011

@Gargron

This comment has been minimized.

Show comment
Hide comment
@Gargron

Gargron Sep 21, 2017

Member

@syui CDN_HOST has the format protocol://host so are you sure you have https:// in there?

Member

Gargron commented Sep 21, 2017

@syui CDN_HOST has the format protocol://host so are you sure you have https:// in there?

@syui

This comment has been minimized.

Show comment
Hide comment
@syui

syui Sep 21, 2017

Contributor

@Gargron CDN_HOST was not set.
Would you let me know what your thoughts are on this matter.

Contributor

syui commented Sep 21, 2017

@Gargron CDN_HOST was not set.
Would you let me know what your thoughts are on this matter.

@syui

This comment has been minimized.

Show comment
Hide comment
@syui

syui Sep 21, 2017

Contributor

@Gargron I confirmed that it works well when I set CDN_HOST.
Close PR, Thank you so, so much!

Contributor

syui commented Sep 21, 2017

@Gargron I confirmed that it works well when I set CDN_HOST.
Close PR, Thank you so, so much!

@syui syui closed this Sep 21, 2017

@syui syui deleted the syui:custom_emoji branch Sep 21, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment