Tags
People
Badges
Help-
CORE FRAMEWORK
FEATURED COMPONENTS
-
RESOURCES
-
LEARN ZK
RESOURCES
Hi, on chrome i have a message:
Mixed content: the page ... was loades over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com....'. This content should also be server over HTTPS.
i don't have a reference to google fonts.
How to resolver this isue?
here my output after adding/activating the sapphire theme
<head>
<title></title>
<script type="text/javascript" src="/zksupport86/zkau/web/416fada1/js/zk.wpd" charset="UTF-8"></script>
<script type="text/javascript" src="/zksupport86/zkau/web/416fada1/js/zul.lang.wpd" charset="UTF-8"></script>
<script type="text/javascript" src="/zksupport86/zkau/web/416fada1/js/zkbind.wpd" charset="UTF-8"></script>
<!-- ZK 8.6.0.1 EE 2018112010 -->
<link rel="stylesheet" type="text/css" href="/zksupport86/zkau/web/416fada1/_zkiju-sapphire/zul/css/zk.wcs"/>
</head>
the open-sans font is only added on my side, when also adding the atlantic-theme-jar to my dependencies. Please check whether you accidentally have the atlantic.jar in your classpath and remove it to see if the font goes away.
As you can see in the code the http scheme is not hard coded and follows your HTTP request scheme (exec.getScheme()). If that doesn't return HTTPS, then I assume your proxy settings aren't setup accordingly. E.g. in a tomcat behind an NGINX server, it could be just missing to set the proxy header for the scheme (to tell tomcat the request was actually done via HTTPS even if tomcat uses only HTTP internally)
from https://stackoverflow.com/a/51489259/4740707:
proxy_set_header X-Forwarded-Proto $scheme;
and in your tomcat settings make it aware of those forwarding headers in server.xml:
<Valve className="org.apache.catalina.valves.RemoteIpValve"
remoteIpHeader="x-forwarded-for"
remoteIpProxiesHeader="x-forwarded-by"
protocolHeader="x-forwarded-proto"
/>
Anyway that's server/container specific, so this will likely vary on your side. So you'll have to ask the person with appropriate expertise and privileges in your enviroment.
Alternatively the font can be disabled by setting the library property org.zkoss.theme.atlantic.useGoogleFont.disabled to true in your zk.xml.
yes such an issue was reported earlier in ZK-2693 and has been fixed in the mean time.
You didn't mention which theme you are using or which exact ZK version so it's hard to compare your described scenario to anything.
I didn't find any reference to fonts.googleapis.com in the sapphire theme, so this must originate somewhere else. can you please check in your developer tools, where the stylesheet referenceing this http url is included? I'll increase your karma so you can post screenshots.
cor3000 ( 2020-01-17 10:52:42 +0800 )editThanks @cor300 here is more information
On chrome this is the message:
In my page, is no reference to fonts.googleapis.com, but on the source code on the page (from chrome), i found this:
I don't know where or how this code is generate, in the application is only one css file, and doesn't have any reference. The only place where is reference a "sans" font is here:
Asked: 2019-12-07 00:16:42 +0800
Seen: 24 times
Last updated: Jan 20 '20