[BUG] Debug page broken on HTTPS #2271
Comments
The static files could also be hosted on github pages, which supports http and https and costs nothing :)
You can change the default servers to any you want using Phalcon\Debug::setUri
I didn't know you could do that. I'd like to suggest that this make it into the actual documentation rather than just in the API. That's still not perfect though, as browsers still block unsecure content until you manually make an exception. I like @maxgalbu's suggestion of putting the resources on github.
The current self-signed SSL certificate is enough, it costs nothing and you just need to accept the certificate once. I don't know how MaxCDN works... are you guys able to make secure connections use the same document root?!
I've collected all resources used by
@cvsguimaraes Thanks - I've done that also. It seems like a lot of unnecessary work when simply activating a certificate would allow the built-in-to-Phalcon system to work.
@quasipickle I believe they're busy shipping more awesome stuff for us ❤️
FYI - activating the certificate for the CDN costs $40 a month. Cost vs. reward. I am not saying that people don't use Phalcon\Debug but there is a handful that do over HTTPS (at least those that reported that do) and it is a debug component. Effectively the certificate costs twice as much as one of our servers....
@niden You have considered self-signed certificates?
@cvsguimaraes Yes but MaxCDN will still charge that much for the use of HTTPS. I am considering changing the CDN to Amazon for that reason.
As an individual person, one can obtain free one-year valid HTTPS certificates from StartSSL. This might be a solution for the problem...
As I wrote before, MaxCDN charges you irrespective of whether you bought the certificate yourself, whether it is free or not. To use their service over HTTPS you have to pay. I am pretty much convinced that moving to AWS will solve this issue.
I've suggested before that the CSS and JS that is required by the debug page could be included inline in the debug page so external resources don't need to be accessed at all. Is this approach being considered at all?
😆
@cvsguimaraes yep. CloudFront allows for both http/https connections.
This is fixed in Phalcon 2.0.3
This is basically a re-issuing of #987 because the problem is back.
When viewing a page via https that has a debug message, all the resources (CSS/JS) are blocked. The certificate doesn't identify itself as static.phalconphp.com, and even if you bypass that, the file doesn't exist anyway.
I don't think it should be too difficult to simply add a certificate to the phalconphp.com server. This is basically breaking the built-in debugger for anyone who develops on an https host. Yes, it will cost a little more, but that's the price the organization has to pay for choosing to host files. If you don't want to maintain the service, just include the CSS & JavaScript code in the generated page, rather than having the browser get it from static.phalconphp.com.