Complete move to HTTPS - enforced by browsers

Discussion about generation of graphs and tables
Post Reply
User avatar
admin
Site Admin
Posts: 332
Joined: Sun Feb 07, 2010 9:22 pm

Complete move to HTTPS - enforced by browsers

Post by admin » Mon Nov 07, 2016 7:19 pm

As browsers start blocking HTTPS container pages to iframe HTTP pages, we decided to move all Meteoplug graphing to HTTPS.
This means that
  • Please change your calls to graphs from "http://meteoplug.com/cgi-bin/..." to "https://meteoplug.com/cgi-bin/...". HTTP will still work, but if your browser did once detect that a HTTPS variant is available it will connect to the HTTPS variant from that time on, even if you tell it to use HTTP only.
  • I will change links from the standard dashboard.html file also to HTTPS. If you have made your own specialized versions of this, please change your html files as well.
  • We will monitor performance of the web server. Today delivering HTTPS should not be too much of a burden, but it will for sure put some more pressure onto the CPUs.
  • WD-Live dashboard will not work until we have fixed that license also to HTTPS. (**solved**)
In case you are confused that Meteoplug server did not use HTTPS before... Yes, it did from the beginning when it comes to the user login and user admin pages, but years ago we decided not to go with HTTPS for delivering graphical data as we found it unnecessary and just a waste of once precious CPU power.

Melvinchunter
Posts: 2
Joined: Mon Mar 05, 2018 10:55 am

Re: Complete move to HTTPS - enforced by browsers

Post by Melvinchunter » Mon Mar 05, 2018 11:03 am

This is a browser-restriction; when on a secure (HTTPS) page, browsers will refuse to load insecure active content (e.g.: scripts, iframes) by default. It's not a problem you solve with Angular. You basically have 3 options:
1. Override the browser default. Instructions for this will change from browser to browser, but it must be done by every user. Probably won't happen
2. Use an HTTPS url as your iframe source. If the content you want is not delivered over HTTPS, I'm afraid you'll have to go through some trouble such as setting up your own HTTPS proxy. Not fun
3. Access/serve the main page over HTTP, so the browser will have no mixed-content complaints when the iframe is also just HTTP

hinaeni
Posts: 1
Joined: Mon May 14, 2018 11:39 am

Re: Complete move to HTTPS - enforced by browsers

Post by hinaeni » Mon May 14, 2018 11:46 am

According to the guidelines of Google, a website should be a secured connection, so those website which is HTTP are converting to https to rank on search engines.

Post Reply