aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorhttps://www.google.com/accounts/o8/id?id=AItOawnX7wmMSOf-XrWnJHlN6vTTijsjhLoe0n8 <Goopy@web>2013-09-24 08:48:55 -0400
committeradmin <admin@branchable.com>2013-09-24 08:48:55 -0400
commit961afd3446ca822d2f329c8034ad300dd92327db (patch)
treeb0e946b9bcb556dfa24639a644d0f1d7c7a868e9
parent3dec55f4dc4236a3662b34609bbfff80eb34f255 (diff)
downloadikiwiki-961afd3446ca822d2f329c8034ad300dd92327db.tar
ikiwiki-961afd3446ca822d2f329c8034ad300dd92327db.tar.gz
-rw-r--r--doc/todo/Protocol_relative_urls_for_stylesheet_linking.mdwn14
1 files changed, 14 insertions, 0 deletions
diff --git a/doc/todo/Protocol_relative_urls_for_stylesheet_linking.mdwn b/doc/todo/Protocol_relative_urls_for_stylesheet_linking.mdwn
new file mode 100644
index 000000000..99906a5de
--- /dev/null
+++ b/doc/todo/Protocol_relative_urls_for_stylesheet_linking.mdwn
@@ -0,0 +1,14 @@
+For security reasons, ikiwiki.cgi should only be accessed via HTTPS, which is easy to set in the config, however each wiki page contains
+
+ <link rel="stylesheet" href="http://ikiwiki.info/style.css" type="text/css" />
+ <link rel="stylesheet" href="http://ikiwiki.info/local.css" type="text/css" />
+
+regardless of whether the site is accessed via HTTP or HTTPS, which causes most modern browsers to automatically disable javascript and complain about the site only being partially encrypted. Features such as the openID-selector stop working unless the user manually allows the browser to execute unsafe scripts on the site.
+
+This can be fixed by setting the base wiki url to a protocol relative url, such as
+
+ //wiki.example.com
+
+but this breaks all sorts of things, like the 404 plugin and wiki rebuilds will throw the following perl warning several times:
+
+ Use of uninitialized value in string ne at /usr/share/perl5/IkiWiki.pm line 586