tomcat-dev mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Security warning (minor) on Tomcat site when using HTTPS
Date Thu, 03 Aug 2017 17:29:34 GMT

All,

If you use https://tomcat.apache.org you'll see a security warning in
various browsers due to mixed-content.

The problem is that the "Support Apache" logo in the upper right-hand
corner of the page is served via HTTP instead of HTTPS.

The other images on the page come from tomcat.apache.org, and are
referenced using relative paths, so they inherit the protocol from the
parent page.

The Support Apache logo comes from www.apache.org and can't be a
relative link.

I'd like to fix this issue, and there are two possible approaches:

1. Always use HTTPS: just change the link protocol to https://

2. Use a protocol-relative link[1], whose use has been ... discouraged[2]

Does anyone care one way or the other?

Thanks,
- -chris

[1] https://www.paulirish.com/2010/the-protocol-relative-url/
[2] ibid.

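
The check below is an added example, not part of the original message or of the Tomcat site's tooling. It resolves each subresource URL against an HTTPS page URL the way a browser would and reports the ones that still end up on `http://`, showing why relative and protocol-relative references are not flagged while an absolute `http://` image is. The sample markup and image paths are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Elements whose URL attribute makes the browser fetch a subresource.
# This is a subset chosen for the example; navigation links (<a>) are excluded.
FETCH_ATTRS = {"img": "src", "script": "src", "iframe": "src"}


class SubresourceCollector(HTMLParser):
    """Collect (tag, raw_url) pairs for elements that load subresources."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        wanted = FETCH_ATTRS.get(tag)
        for name, value in attrs:
            if name == wanted and value:
                self.refs.append((tag, value))


def find_mixed_content(page_url, html):
    """Return subresources that resolve to http:// when the page is https://."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only exists on a page loaded over HTTPS
    collector = SubresourceCollector()
    collector.feed(html)
    findings = []
    for tag, raw in collector.refs:
        resolved = urljoin(page_url, raw)  # relative and //host URLs inherit https
        if urlsplit(resolved).scheme == "http":
            findings.append((tag, raw, resolved))
    return findings


# Constructed sample markup; the paths are placeholders, not the real site's.
SAMPLE = """
<img src="res/images/logo.png">
<img src="http://www.apache.org/images/support-logo.png">
<img src="//www.apache.org/images/support-logo.png">
<img src="https://www.apache.org/images/support-logo.png">
<a href="http://www.apache.org/">navigation link, not a subresource</a>
"""

if __name__ == "__main__":
    for tag, raw, resolved in find_mixed_content("https://tomcat.apache.org/", SAMPLE):
        print(f"mixed content: <{tag}> {raw}")
```
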