Tube Map widget not fully HTTPS


#1

I’ve been testing the Tube Map widget from the page: tflgovuk/forms/12425.aspx but when using it from an HTTPS served page we’re seeing errors (in chrome dev console) that some resources are being loaded using HTTP:

SEC7111: HTTPS security is compromised by http://tfl.gov.uk/tfl/syndication/widgets/images/roundel-header.gif default-search.html (1,1)
SEC7111: HTTPS security is compromised by http://www.tfl.gov.uk/tfl/common/images/grey-panel-header.gif default-search.html (1,1)

All other resources from the widget are loading over HTTPS. Is it possible to force these two images to load over HTTPS?

Thanks


#2

Hi @Dan-T

I can’t seem to recreate this. When loading those GIFs, you should be redirected to the HTTPS version of those (as we don’t accept requests over port 80).

Can you show me what you’re seeing in the developer console in Chrome?

thanks,
James


#3

Hi @jamesevans

Thanks for looking into this. I’ve attached an image for you. It looks like there’s an attempted redirect happening for those images but Chrome still warns about the mixed content. Maybe it’s due to the 302 rather than a 301 redirect?

Is it possible to get the widget updated so it doesn’t even request the images over HTTP?


#4

You can always use the very useful PHP substr() to manually fix the code to avoid the redirects

$HTML=substr($HTML,[“wrong”=>“right”, “wrongtoo”=>“righttwo”, ]);