AnsweredAssumed Answered

Non-secure items on secure connections

Question asked by zladuric on Jun 9, 2011
Latest reply on Oct 11, 2011 by zladuric
Hello,

I am running Alfresco 3.4 community behind apache w/mod-jk. We're on a https-only server.

Now, everything is mostly fine, but there is one problem. Each time I access the site, a link to http://www.alfresco.com/assets/images/logos/community-3.4-share.png is called.

Now, this seems to be hardcoded, check it here:
https://svn.alfresco.com/repos/alfresco-open-mirror/alfresco/HEAD/root/projects/slingshot/source/java/org/alfresco/web/scripts/MessagesWebScript.java

The problem with that setup is that I now have client browsers complaining about site security. Especially users with old Explorers, they have to agree every click that they're fine with site security.

From what I see, my only option to prevent this is to patch the MessagesWebScript.java?

Now, I know that you want to track the usage, but this is creating problems on https links. So I suggest that in future versions this be created dynamically so that the site security is still ok.

Outcomes