Download
We're evolving to serve you better! This current forum has transitioned to read-only mode. For new discussions, support, and engagement, we've moved to GitHub Discussions.

Publii native scripts cause Chrome to block website and flag site as insecure

Forum Bug Report

  • November 9, 2019 at 10:12 pm #712
    Avatar photo[anonymous]

    Ok, I got past the issues of Publii not syncing the website to s3 by uploading the contents of the Publii’s output folder to s3 with CyberDuck. But now that I have Publii’s files as they are supposed to, I discovered a nasty problem with Publii’s out-of-the box setup:

    Screen-Shot-2019-11-09-at-21.44.46

    So before loading the CSS and the JS, Chrome blocks my website flagging big red bells about the security of Publii’s scripts. So if I click on “load unsafe scripts”, The CSS and the JS loads but then my site’s security grading disappears and people are constantly told the site is insecure despite the certificate:

    Screen-Shot-2019-11-09-at-21.38.46

    So, what’s going on?

    November 9, 2019 at 10:16 pm #715
    Avatar photo[anonymous]

    This was sent twice, just tried to delete it but one can’t.

    November 10, 2019 at 12:03 am #718
    Avatar photo[anonymous]
    This reply has been marked as private.
    November 10, 2019 at 7:14 am #720
    Avatar photoBob

    Hi,

    If you refer to the external SVG sprite file it does not work on Chrome or Firefox. The SVG map file must be served from the same domain you set in the server configuration.