Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[demos/portfolio] Logo is broken #129

Open
LeaVerou opened this issue Jun 22, 2021 · 5 comments
Open

[demos/portfolio] Logo is broken #129

LeaVerou opened this issue Jun 22, 2021 · 5 comments

Comments

@LeaVerou
Copy link
Member

https://mavo.io/demos/portfolio/

Likely hotlinking protection

@LeaVerou
Copy link
Member Author

Oh no, it's not hotlinking protection, it's mixed content!

@JosephMcGreene
Copy link

Hey, mind if I take a whack at this?

@LeaVerou
Copy link
Member Author

LeaVerou commented Dec 8, 2021

Hey, mind if I take a whack at this?

Sure, thanks. How did you find Mavo?

@JosephMcGreene
Copy link

Originally, I was looking for projects to try my hand at contributing to open source, as I'm pretty new to it, and I found Mavo on a "good for first timers" list as a Google result. I started playing around with Mavo and realized it is a pretty cool library and I'd like to contribute to it :D

@JosephMcGreene
Copy link

So, I did some testing and looking around, and it appears that there are two ways to fix this issue, neither of which I feel at liberty to implement (or capable of implementing) without a discussion. It is worth noting that these issues also likely extend to issue #128. It's also worth noting that this is primarily an issue in Chrome and Edge; I booted up the site in Firefox Developer Edition and regular Firefox to discover that the logo loaded just fine (Although I did get console warnings spat out at me).

(1) Download each individual affected image and use a relative URL to access them instead of an absolute URL. However, if we want the mavo page to update dynamically with the artist's portfolio site, this is not a sustainable option. But doing it this way means the images will be served over HTTPS, as the source-website they are being retrieved from is itself served over HTTP, which brings me to the second option.

(2) Because the images' src is an absolute URL served over HTTP, when Chrome and Edge attempt to upgrade it to HTTPS before loading and displaying it, they instead decide they had better not. They don't want to display a logo or image from an insecure source. The only way to resolve this, as far as I can tell, is to serve the entire source website ( http://julesmuck.com/ ) from HTTPS. However, considering that portfolio website is not actually a part of this repo, I'm not sure how to go about this.

(3) Don't load the images or logo at all, which essentially amounts to removing this entire page from the mavo site.

I'm fairly new to the development world, so perhaps I'm missing something and this can be remedied in a different way(?).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants