Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Problem/Motivation
I came across the following post from the people of Typekit:
http://blog.typekit.com/2015/09/01/font-loading-update-all-https-all-the...
It suggests that, due to recent vulnerabilities and exploits in the OpenType and TrueType font formats, they recommend using HTTPS over protocol agnostic or http inclusion of their javascript.
Adding HTTPS to a non-HTTPS site AFAIK isn't a problem (happens all the times with CDN throught https on http pages). It would give you more safety, all the time.
Proposed resolution
Replace all typekit includes to https.
Remaining tasks
None
User interface changes
None
API changes
Replace all typekit references to https
Data model changes
None
Comment | File | Size | Author |
---|---|---|---|
#2 | fontyourface-typekit_https_urls-2839353-2.patch | 1.78 KB | oenie |
Comments
Comment #2
oenie CreditAttribution: oenie as a volunteer commentedPatch for suggested change.
Comment #3
noah CreditAttribution: noah commentedI've got a site on a server that doesn't provide $_SERVER['HTTPS'] (for convoluted reasons), so Typekit wasn't working because the module didn't recognize that the site is HTTPS and was trying to load Typekit via HTTP. This patch fixed the issue, so +1 for getting this into the module.
Comment #4
Neslee Canil Pinto