Comments (5)
From @JamborJan on November 28, 2016 15:0
What is missing here is a force https feature or something like this. I have the same issue for external content and I'm not sure how to solve it. When I use plugins or themes whcih use e.g. Google Fonts I get:
[Warning] [blocked] The page at https://randomxyz.nameo.sandcats.io was not allowed to run insecure content from http://fonts.googleapis.com/css?family=PT+Sans+Narrow:400,700&subset=latin,latin-ext,cyrillic. (randomxyz.name.sandcats.io, line 51)
I guess Wordpress doesn't detect the fact that the page is https because Sandstorm works like reverse proxy here and inside the grain there is only an http connection from Sandstorm to the in-grain nginx server (or whatever you use inside the grain).
The sad story is: I didn't find a solution so far and the sandstorm guys seem to be pretty busy with other stuff as this repo and the issues inside are not updated since months.
from wordpress-sandstorm.
From @ocdtrekkie on November 28, 2016 15:6
@JamborJan It's worth noting that when Sandstorm sandboxing is more complete, external content like Google Fonts is likely not going to work at all without some sort of permission grant by Sandstorm.
from wordpress-sandstorm.
From @JamborJan on November 28, 2016 15:27
There is a rather philosophical problem with that. Technical wise this might all be true, awesome and secure. But these things bring problems for a sane usage of the Sandstorm WorPress port. There will pretty often be issues with:
- people want to use themes and plugins which use external resources. It should be possible for the user to allow external content for a grain (different topic, not here)
- insecure mixed content is more and more not allowed at all (the core of this issue) the way how the grain is setup prevents WordPress from detecting https. This should be fixed.
- its not possible to create a https page with a customised name without being an reverse proxy expert (not this issue here, see: dwrensha/wordpress-sandstorm#25)
So yes, you could stick to the explanation you gave but this will cause that users will not use wordpress on sandstorm and the goal of sandstorm of providing easy to install apps fur none-tech users which work out of the box is gone.
from wordpress-sandstorm.
From @ocdtrekkie on November 28, 2016 15:31
All I'm indicating is that the problem needs to be more holistically addressed. I don't know if it's possible for Sandstorm to maybe detect external resources and replace them when it's common ones like jQuery or Google Fonts, or if there needs to be some flavor of Sandstorm driver for external content or something.
from wordpress-sandstorm.
From @JamborJan on January 16, 2017 6:57
I was able to always get an https
prefix when I add this to the top of my template in the header.php
:
<?php
/* SSL Proxy */
$_SERVER['HTTPS']='on';
?>
Unfortunately causes this the following Wordpress on Sandstorm bug for every single link: dwrensha/wordpress-sandstorm#15
So for now this is no work around but maybe soon.
from wordpress-sandstorm.
Related Issues (20)
- 404s are not nice formatted HOT 1
- Pages which are not referenced in menus are missing (404s)
- Installing certain Plugins causes Error 500 HOT 4
- capnp build error HOT 20
- Metadata updates HOT 2
- Build Process HOT 10
- Screenshots should be updated HOT 1
- Sometimes the app will leave the sandstorm frame HOT 3
- New Gutenberg editor not working in Sandstorm HOT 2
- Add Finnish FI translation HOT 2
- loss of new posts HOT 4
- Media loading doesn't work in AOSP HOT 4
- 'Restore this revision' button is inactive at the revisions comparisment screen.
- 'bulk actions' doesn't work
- licensing server is unable to connect with my wp site HOT 5
- Why is this so out of date? HOT 1
- RSS Feed doesn't contain valid links
- WordPress testing official SQLite Support. Useful? HOT 2
- Release 17 tends to hang on powerbox-http-proxy setup HOT 3
- cURL error 60: SSL certificate problem: self signed certificate in certificate chain HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from wordpress-sandstorm.