Insecure includes blocked on https sites | WordPress.org

Resolved Michael Cannon
(@comprock)

10 years, 9 months ago

I suggest removing http: from https://plugins.trac.wordpress.org/browser/hotspots/trunk/php/controllers/admin-controller.php#L322 so that clients on https don’t have the script blocked.

Ditto for https://plugins.trac.wordpress.org/browser/hotspots/trunk/php/controllers/frontend-controller.php#L58.

https://wordpress.org/plugins/hotspots/

Viewing 4 replies - 1 through 4 (of 4 total)

jshare
(@jshare)

10 years, 9 months ago

Good catch.

I patched it on my end by making both controllers protocol-agnostic:

//ajax.googleapis.com/ajax/libs/jqueryui/1.8.2/themes/smoothness/jquery-ui.css

Plugin Author dpowney
(@dpowney)

10 years, 9 months ago

Hi Michael, jshare,

Appreciate if you could post your code fixes or make a pull request on Github https://github.com/danielpowney/hotspots-analytics.

Thanks,
Daniel

Plugin Author dpowney
(@dpowney)

10 years, 9 months ago

Pretty simple change. Please retest with version 4.0.9. Thanks,

jshare
(@jshare)

10 years, 9 months ago

Fixed for me

thanks

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Insecure includes blocked on https sites’ is closed to new replies.

4 replies
3 participants
Last reply from: jshare
Last activity: 10 years, 9 months ago
Status: resolved