Unsafe scripts using pelican

2
votes

I'm trying to generate a website with pelican. When I run the localhost everything looks good. However, when I upload the content to my github pages and try to see the content it looks like the layout is all messed up. I'm using chrome and it seems like the content includes unauthenticated sources. If I choose the load unsafe scripts option with chrome then the website looks the same as the localhost.

If I look at the developer tool I get a bunch of errors like:

Mixed Content: The page at 'https://username.github.io/' was loaded over HTTPS, but requested an insecure stylesheet 'http://username.github.io/theme/css/bootstrap.simplex.min.css'. This request has been blocked; the content must be served over HTTPS.

Is there a way to "tell" pelican to use a secure stylesheet?

1
pythonpelican
Questions seeking debugging help ("why isn't this code working?") must include the desired behavior, a specific problem or error and the shortest code necessary to reproduce it in the question itself. Questions without a clear problem statement are not useful to other readers. See: How to create a minimal reproducible example.Łukasz Rogalski
I think the desired behavior is clear (to be able to generate a secure website). I added the error I'm getting from the browser. Not sure how else I can approach this issue in a manner that would be more useful to other readers.Eyal S.

1 Answers

1
votes

A site loaded via HTTPS may not load unsecured content: in your case, loading a CSS file via HTTP. The reverse is fine: an unsecured site may load secured content. Hence, the probably easiest fix is to always use HTTPS, e.g. for all CSS files, images, etc.

According to this (closed) Pelican issue, SITEURL and/or RELATIVE_URLS are the relevant configuration options to set.