Nitpick time: Got a mixed content warning from Opera when replying here. Apparently, it’s from trying to load an asset on this website, so fixing it doesn’t involve other hosts—only Discourse configuration or plugins.
EDIT: of course there’s good reasons for this warning as @NthPortal points out.
I would like to disagree slightly and say that this is more than a nitpick. Insecure scripts could be MITM’d and used to intercept account credentials or information, for example.
From what I can tell, the script is that is used to generate the preview when editing posts/replies. I will note that the problem does not exist on https://users.scala-lang.org/, so I it should be easy to fix.
I did an upgrade a few days ago to the latest version of discourse on contributors.scala-lang.org, but not on users.scala-lang.org, this is why you got the problem only here.
They changed the markdown engine to markdown-it:
https://github.com/discourse/discourse/commit/d0c5205a52e850fe97313ed05c3e637792547841
and this caused a problem with one URL.
I will try to fix that…
Ok, I did a quick hack to force https for the makdown js. It should be ok now.
Bumping up this thread since it’s related and has crept up again in a different location, this time: a favicon. I get this mixed content warning, both from: https://users.scala-lang.org and https://contributors.scala-lang.org:
contributors.scala-lang.org/:1 Mixed Content: The page at 'https://contributors.scala-lang.org/' was loaded over HTTPS, but requested an insecure favicon 'http://contributors.scala-lang.org/uploads/default/original/1X/5f642d983d7b6c2d0bb0a4a48be7df98d9de9dbc.ico'. This request has been blocked; the content must be served over HTTPS.
ping @fabien
I changed some settings on discourse + reverse proxy.
I did that only for contributors.scala-lang.org for now, and it looks ok.
I will do the same for users.scala-lang.org later this week.
It’s ok now on users.scala-lang.org (I had to change the GitHub OAuth to switch to the Scala Center organization).