Proxy package icons that are not served over SSL
See original GitHub issueFor example on https://www.nuget.org/packages/Microsoft.Data.OData/5.0.0.50403 there is a JS security error SEC7111: HTTPS security is compromised by http://static.tumblr.com/hgchgxz/9ualgdf98/icon.png
Issue Analytics
- State:
- Created 8 years ago
- Comments:9 (8 by maintainers)
Top Results From Across the Web
Jira over SSL icon issue
Hi,. We are small team and using Jira to manage some projects. and i am not expert in server administration and i have...
Read more >Looking for general guidance on serving SSL through a ...
Looking for general guidance on serving SSL through a reverse proxy : r/selfhosted.
Read more >How to verify that ssl was not intercepted via proxy etc in ...
As a client, you can verify that your SSL/TLS connection was not intercepted by a MITM proxy (Fiddler or other) by checking its...
Read more >How to solve nginx reverse proxy mixed content(http, https)
I have a bunch of VMs running in one box, the box is behind my router obviously, one of the VMs is running...
Read more >How to Quickly Fix Mixed Content Warnings (HTTPS/SSL)
Mixed content warnings are common after an HTTPS migration or adding a new service. Check out how to quickly fix these on your...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
This is done. All icons are served from nuget.org’s cache. Gravatar images are proxied by nuget.org.
@skofman1 How is this work progressing? Browsers are starting to complain more and more about mixed mode served content as it’s clearly a security risk for MITM attacks.
I.e. Microsoft WindowsAzure.Storage gravatar is served over http (
http://www.gravatar.com/avatar/425be63bdaaeeffd26d0172ed2030198.png
) making browsers grumpy.