back to article Google makes life easier for mixed-content sysadmins

Rejoice, sys admins with big non-encrypted image databases: Google feels your pain and says the next version of Chromium, 43, will provide some relief. One of the challenges, the Chocolate Factory reckons, is that old sites with lots of non-HTTPS resources can't be migrated with a simple flick of the switch. In current …

  1. Anonymous Coward
    Anonymous Coward

    "[...] something that requires users to decide whether to keep browsing or close the window."

    On IE, at least up to IE8, the prompt asks if you want to display the insecure items. You can continue reading with only the secure parts of the page. There is also a tick box to accept any insecure items in future.

  2. Stuart 22 Silver badge

    Please, please ...

    Sounds wonderful - but only if (as a minimum) Firefox, Safari, IE & Spartan follow suit in recognising and enforcing the same meta command. Otherwise it may create more problems than it solves (especially for operators of forums where posters reference their own images).

    1. Anonymous Coward
      Anonymous Coward

      Re: Please, please ...

      Very true as Chrome is off the table here and now. [My choice] I've always used relative links since at least twenty years. My problem here is whether they've kicked the tires enough on the security aspects, especially that second option (off-domain/site content).

  3. Anonymous Coward
    Anonymous Coward

    Umm, why are these sites not using '//example.com/path/to/image.jpg' to reference their images? By doing this, the URL scheme for the images will match the scheme for the page, be it HTTP or HTTPS.

    This is surely better than what seems like a bodge and since most content is database driven, a simple UPDATE query can adapt links to remove the http: part of the image URL.

    Since that requires each site updating, I can see why Google have done this, but if these sites had been linked properly to start with, they wouldn't be in this situation now.

    See section 4.2 of http://www.ietf.org/rfc/rfc3986.txt

    1. richardcox13

      > why are these sites not using[…]

      Content separated from structure (eg. CMS) could well mean no one person controls all the markup.

      (And there is always content relative links, eg. //code.jquery.com/jquery-1.11.2.min.js, for content from other domains.)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021