Tube Map widget not fully HTTPS

Dan-T · February 22, 2018, 1:48pm

I’ve been testing the Tube Map widget from the page: tflgovuk/forms/12425.aspx but when using it from an HTTPS served page we’re seeing errors (in chrome dev console) that some resources are being loaded using HTTP:

SEC7111: HTTPS security is compromised by http://tfl.gov.uk/tfl/syndication/widgets/images/roundel-header.gif default-search.html (1,1)
SEC7111: HTTPS security is compromised by http://www.tfl.gov.uk/tfl/common/images/grey-panel-header.gif default-search.html (1,1)

All other resources from the widget are loading over HTTPS. Is it possible to force these two images to load over HTTPS?

Thanks

jamesevans · February 23, 2018, 10:24am

Hi @Dan-T

I can’t seem to recreate this. When loading those GIFs, you should be redirected to the HTTPS version of those (as we don’t accept requests over port 80).

Can you show me what you’re seeing in the developer console in Chrome?

thanks,
James

Dan-T · February 23, 2018, 11:43am

Hi @jamesevans

Thanks for looking into this. I’ve attached an image for you. It looks like there’s an attempted redirect happening for those images but Chrome still warns about the mixed content. Maybe it’s due to the 302 rather than a 301 redirect?

Is it possible to get the widget updated so it doesn’t even request the images over HTTP?

briantist · February 23, 2018, 2:06pm

You can always use the very useful PHP substr() to manually fix the code to avoid the redirects

$HTML=substr($HTML,[“wrong”=>“right”, “wrongtoo”=>“righttwo”, ]);