You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The Rocket.Chat application is intermittently making http references to images/assets while being served over https. This results in a security warning in all major browsers.
Looking at approach 4 first, are we already using a custom theme? There's a little BCDevExchange logo in the bottom left corner of every page...how is that being injected?
yes, seeing telltale classes like .pathfinder-terms in theme.css as well
...but upon inspection of this repo I can't find those classes or a theme.css so...is there another repo perhaps? Or some things deployed that haven't been committed?
It appears that rc-work is the branch to fork for resolution of this issue, as the RC app has its own integration branch. Also to note, @ShellyXueHan has a large open PR in progress that we should avoid creating conflicts with #603
The text was updated successfully, but these errors were encountered:
The Rocket.Chat application is intermittently making
http
references to images/assets while being served overhttps
. This results in a security warning in all major browsers.Screenshots courtesy of @garywong-bc
Proposed solution as discussed with @patricksimonian on RC is to add a
Content-Security-Policy
with anupgrade-insecure-requests
directive.This could be implemented
This cannot be implemented upstream as CSP reports & PRs are discouraged.
Looking at approach 4 first, are we already using a custom theme? There's a little BCDevExchange logo in the bottom left corner of every page...how is that being injected?
from RC via @wenzowski (me)
...but upon inspection of this repo I can't find those classes or a theme.css so...is there another repo perhaps? Or some things deployed that haven't been committed?
It appears that
rc-work
is the branch to fork for resolution of this issue, as the RC app has its own integration branch. Also to note, @ShellyXueHan has a large open PR in progress that we should avoid creating conflicts with #603The text was updated successfully, but these errors were encountered: