Subpage https://kubuntu.org/getkubuntu/ shows mixed content warnings
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Kubuntu Website |
Incomplete
|
Undecided
|
Unassigned |
Bug Description
The page
https:/
gets a degraded security warning in browsers, because it contains mixed content (unprotected HTTP content within an HTTPS webpage).
The reason is a stylesheet included from google:
<link rel='stylesheet' id='google-
Google of course supports HTTPS, so this can be easily avoided. Change this to either an https url or a protocol relative url like this:
<link rel='stylesheet' id='google-
A second http reference in the header is this:
<link rel="profile" href="http://
This URL seems also be available over HTTPS, so you can also change it.
The same CSS and profile links are embedded in the "home page" and other pages as well, however these don't get a degraded security warning.
I'm pretty sure this is related more to the <form> calls to the insecure http:// cdimage. ubuntu. com site. We will have to try and convince Canonical to install an SSL cert on cdimage.ubuntu.com so that we can use https in these form calls (they direct the visitor to the correct iso on cdimage.ubuntu.com)