We moved to secure pages some time ago and on every single page request browsers cause a pop-up for users warning them that some of the content on our website is delivered over a non-secure connection. After some investigation with fiddler, I found that this was caused by the image twitter_pull is including in its twitter-pull-listings.tpl.php template:

<img src="<div class="tweet-authorphoto"><img src="<?php print $tweet->userphoto; ?>"....etc etc

Would it be possible to include one additional variable to use when we create our hook_twitter_pull_blocks() function in which we could set an 'include_photo' variable to true or false if we want to include the image?

Or maybe that's unnecessary and folks should create their own templates when this issue comes up? That's what I just did. But I was thinking I would then miss out on cool new template improvements you may have planned in the future, so thus my suggestion.

Just an idea!

CommentFileSizeAuthor
#4 twitter_pull-protocolremoval-1813424-4.patch3.84 KBmikebell_
#3 twitter_pull_protocol_removal_1.diff3.86 KBkaosagnt
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

joachim’s picture

joachim CreditAttribution: joachim commented
Version: 7.x-1.0-rc3 » 7.x-2.x-dev

> Would it be possible to include one additional variable to use when we create our hook_twitter_pull_blocks() function in which we could set an 'include_photo' variable to true or false if we want to include the image?

Can Drupal determine whether it's currently being accessed over https rather than http?

If so, no need for a new variable -- just default to using the same protocol as the main site.

joachim’s picture

joachim CreditAttribution: joachim commented
Issue summary: View changes

Added more specifics about the file I found the code in and my current fix.

andileco’s picture

andileco CreditAttribution: andileco commented
Issue summary: View changes

I don't think this just applies to photos. When I added the block that comes with default view to an http-secure page, I got a warning that not all of the elements on the page were secure.

kaosagnt’s picture

kaosagnt CreditAttribution: kaosagnt commented
FileSize
twitter_pull_protocol_removal_1.diff3.86 KB

What you want to do is to remove all occurrences of http/https and let the browser determine the protocol from how the page is accessed. i.e

//twitter.com/blah

See the attached patch for the idea. YMMV.

The patch probably won't apply to any twitter_pull distribution as it is against my cleaned up twitter_pull tree.

See https://www.drupal.org/node/2025127 for that patch.

mikebell_’s picture

mikebell_ CreditAttribution: mikebell_ at CTI Digital commented
FileSize
twitter_pull-protocolremoval-1813424-4.patch3.84 KB

Re-rolled patch, applies to dev and latest release.

joachim’s picture

joachim CreditAttribution: joachim commented
Category: Feature request » Bug report
Status: Active » Fixed

Committed. Thanks!

  • joachim committed 9a343dc on 7.x-2.x authored by kaosagnt 
    Issue #1813424 by kaosagnt, mikebell_: Fixed browser security warning...

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.