We moved to secure pages some time ago and on every single page request browsers cause a pop-up for users warning them that some of the content on our website is delivered over a non-secure connection. After some investigation with fiddler, I found that this was caused by the image twitter_pull is including in its twitter-pull-listings.tpl.php template:
<img src="<div class="tweet-authorphoto"><img src="<?php print $tweet->userphoto; ?>"....etc etc
Would it be possible to include one additional variable to use when we create our hook_twitter_pull_blocks() function in which we could set an 'include_photo' variable to true or false if we want to include the image?
Or maybe that's unnecessary and folks should create their own templates when this issue comes up? That's what I just did. But I was thinking I would then miss out on cool new template improvements you may have planned in the future, so thus my suggestion.
Just an idea!
Comment | File | Size | Author |
---|---|---|---|
#4 | twitter_pull-protocolremoval-1813424-4.patch | 3.84 KB | mikebell_ |
#3 | twitter_pull_protocol_removal_1.diff | 3.86 KB | kaosagnt |
Comments
Comment #1
joachim CreditAttribution: joachim commented> Would it be possible to include one additional variable to use when we create our hook_twitter_pull_blocks() function in which we could set an 'include_photo' variable to true or false if we want to include the image?
Can Drupal determine whether it's currently being accessed over https rather than http?
If so, no need for a new variable -- just default to using the same protocol as the main site.
Comment #1.0
joachim CreditAttribution: joachim commentedAdded more specifics about the file I found the code in and my current fix.
Comment #2
andileco CreditAttribution: andileco commentedI don't think this just applies to photos. When I added the block that comes with default view to an http-secure page, I got a warning that not all of the elements on the page were secure.
Comment #3
kaosagnt CreditAttribution: kaosagnt commentedWhat you want to do is to remove all occurrences of http/https and let the browser determine the protocol from how the page is accessed. i.e
//twitter.com/blah
See the attached patch for the idea. YMMV.
The patch probably won't apply to any twitter_pull distribution as it is against my cleaned up twitter_pull tree.
See https://www.drupal.org/node/2025127 for that patch.
Comment #4
mikebell_ CreditAttribution: mikebell_ at CTI Digital commentedRe-rolled patch, applies to dev and latest release.
Comment #5
joachim CreditAttribution: joachim commentedCommitted. Thanks!