Opened 4 years ago

Last modified 4 years ago

#5298 new defect

Request to https-embeded-Map (Mapquest) not fully https

Reported by: netty4711 Owned by: rails-dev@…
Priority: minor Milestone:
Component: website Version:
Keywords: export, embed, ssl, https, mapquest Cc:

Description

Wenn I use a ssl-secured URL for embedding a Map (Layer Mapquest): https://www.openstreetmap.org/export/embed.html?bbox=-29.0478515625%2C34.415973384481866%2C33.7939453125%2C61.12201916813026&layer=mapquest

than there is a small icon in the lower right corner. This image http://developer.mapquest.com/content/osm/mq_logo.png

is not requested through https, so Browser shows an incomplete SSL-connection. Since Google is soon forcing all websites to use https, could you please request this little Icon also with https, when openstreetmap is loaded over https?

Change History (2)

comment:1 Changed 4 years ago by Tom Hughes

Whilst I'm happy to look at this when I get a change, I would really love a citation for the claim that google is soon going to be forcing websites to use https... Aside from the fact that they don't actually control "all websites" and are therefore unable, in a literal sense, to do what you say, such an extraordinary claim definitely requires extraordinary evidence.

comment:2 Changed 4 years ago by netty4711

"forcing" is a hard word from me. Sorry for that. But there are some hints, that many websites would change in near future to https-version. Google is now going to promote https as it gaves https websites a higher ranking: http://googlewebmastercentral.blogspot.de/2014/08/https-as-ranking-signal.html

Next step seems to warn user on a non-https site in Google Chrome and if this happens other browsers would also do this: http://www.bbc.com/news/technology-30505970 http://www.chromium.org/Home/chromium-security/marking-http-as-non-secure

Same changes happens at the moment with mobile/non-mobile sites: http://www.business2community.com/online-marketing/google-start-penalizing-non-mobile-sites-01175992

But to come back to the issue. If a site has user login functionality it is very often also a ssl-secured site. Most sites uses than everywhere https. Than there are problems with embeding Maps with the standard feature.

Thanks for looking at that.

Note: See TracTickets for help on using tickets.